Cloud Security Engineer

RStudio creates great software that helps people understand data and make better decisions in real-world applications. Our core offering is an open-source data science platform, and we aim to make it available to everyone, regardless of their economic means. Information Security Operations is looking for a Cloud Security engineer who can help secure the RStudio cloud infrastructure. This highly technical role requires hands-on keyboard work to operate, administer, and automate existing and future security tools.

The Information Security team is a part of the Information Operations department, and this position will report to the Director of Security Operations. The position requires a delivery mindset as the engineering and SRE teams will consume your practices, requirements, and guidelines as part of their workflow.  It is necessary to possess wide technical, business, and industry knowledge that will allow us to foster a culture of trusted partnership, service, and continuous improvement. 

What you’ll own:

• Aligning Security Controls to Cloud Security tools and custom automation
• Operating tools related to Cloud Security Architecture including CSPM, CASB, and Zero Trust Integrations
• Acting as the Subject Matter Expert (SME) for adopting best practice security in the cloud (AWS, GCP, Azure)
• Reviewing alerts and recommendations from AWS Cloud Security Hub, Azure Security Center and Google Cloud Security
• Performing cloud security assessments for RStudio applications and internal IT operations 
• Threat Modeling cloud-based web applications and infrastructure for customer facing and internal dataflows
• Testing and demonstrating mitigation strategies and improvements 
• Performing threat hunting against cloud assets
• Scripting or otherwise automating tests to detect or prevent new threats in order to supplement or improve reporting from commercial solutions 

What you’ll help with:

• Driving the integration and ongoing monitoring of cloud security events into Security workflows and alerting (Slack, Email, Dashboards)
• Responding to cloud security incidents and alerts 
• Securing the solution delivery pipeline for cloud-based web applications with DevOps and SRE Engineers
• Reviewing Infrastructure as Code for Terraform, Pulumi, Kubernetes, and/or Cloud Formation for security vulnerabilities

What you’ll learn:

• In-depth knowledge of current and future Cloud Infrastructure initiatives across multiple cloud platforms
• New and emerging technologies and techniques for Cloud Security

About you:

• You have a deep technical understanding of relevant cloud technologies (including, but not limited to) AWS Security & IAM Config, KMS, CloudWatch, Guard Duty, Cloud Trail, ECR
• You are driven to learn about how RStudio uses the cloud to deliver value to its customers
• You collaborate by default; working with engineers and architects to mitigate security vulnerabilities
• You provide value through the knowledge gained and communicated from hands-on analysis and testing. 
• You look at threats and vulnerabilities as opportunities and evidence to enhance our understanding of the landscape we protect. 
• You are a highly ethical person who understands that our value hinges on the speed and the integrity of the product delivered
• You collaborate with stakeholders and independently ensure the accuracy of information delivered in security test results.
• You have experience meeting timelines and reporting across different business units.

Within 1 month:

• Become familiar with the current state of the security infrastructure and operations, as well as existing projects and those planned for the near future.
• Meet everyone currently on the Information Operations team and associated Cloud teams 
• Attend and contribute to Trusted Advisor reviews

Within 3 months:

• Document and report improvements to the security architecture of cloud-based customer-facing applications
• Provide meaningful feedback on existing practices and opportunities for maturing cloud security

About us:

• We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
• We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and attempt to operate asynchronously.
• We are a learning organization and take mentorship and career growth seriously. We hope to learn from you and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at RStudio.
• We operate under a unique sustainable business model: We have over 50% of our engineering dedicated to creating free and open source software.  We are profitable and we plan to be around decades from now.

Notable:

We offer competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being.

• 100% of medical, dental, and vision insurance premiums are covered for employees and their families! Fertility and gender-affirming healthcare is included in all of our plans.
• Supplemental mental health and wellness benefits are available via Ginger even if you don’t opt in to our insurance plans, including Ginger for teen family members.
• RStudio’s gender-neutral paid parental leave policy covers all new parents, including foster and adoptive parents.
• Our 401k matches up to 50% of the maximum employee contribution after six months.
• An annual profit-sharing bonus for employees recognizes our team’s contributions to company performance across the year.
• We are a 100% distributed team. You are also welcome to come into our Seattle or Boston offices. 
  • Our remote office allowance includes: 
    • $1000 home office allowance plus an additional $800 for equipment
    • Up to $400 monthly reimbursement for coworking space rental
• We provide a flexible environment with a generous vacation policy that encourages a minimum of four weeks PTO per year plus 13 paid company holidays.

RStudio is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.

#LI-REMOTE