Staff Security Engineer

Important: Before applying, please consider the following:

* Upload your resume in English, otherwise we can't review it.
* This position can be Remote, hybrid or any Chile office in Santiago or Viña del Mar

About the Team

Evernote is looking for a Staff Security Engineer to join our growing security team. Are you passionate about solving security infrastructure problems at scale? Our customers trust us with billions of their notes, projects, and ideas and we are here to protect them. You will work with teams across multiple disciplines to provide practical security advice that improves our posture in network security, identity and access management, data security, and security risk. Do you enjoy working with modern technologies like Spanner, Kubernetes, and cloud-native services? We're growing and investing in these areas, so there's no shortage of new and interesting things to learn about and secure. You’ll be joining a team of senior security professionals who are focused on providing practical security guidance to a rapidly growing technology stack. If you like to question traditional security dogma and apply a rational perspective to adapt it to modern technology, you are going to enjoy this role.

Job Responsibilities

• Provide security guidance on new technology implementations
• Perform risk-based security reviews on existing infrastructure
• Recommend and implement security controls for infrastructure
• Assess the security posture of our third-party partners and service providers
• Assist with driving remediation of risks and exposures you identify
• Participate in the Security On-Call rotation
  
  

Required Skills

• Have at least five years of experience in a security-related field
• Experience auditing deployment systems, cloud infrastructure, and orchestration systems
• Experience configuring network protocols and controls
• Deep understanding of identity and access management
• Working knowledge of Linux and ability to navigate the command line
• Strong grasp of system design and commonly employed technologies
• Practical threat-modeling experience
• Interest in multi-functional partnership within the company
• Success leading highly complex technology projects
• Excellent verbal and written communication skills
  
  

Preferred Skills

• Experience working with Cloud Services (AWS, GCP): VPC networking, firewalls, load balancing, GCE, GKE, GCS, PubSub, Spanner, App Engine, BigQuery, BigTable
• Infrastructure experience with Kubernetes, HAProxy, Envoy, Elasticsearch, Consul, Istio, Vault
• Proficiency in scripting and configuration languages (Python, Terraform)
• Experience working with containers and container orchestration (Kubernetes)
• Industry intermediate-level certification(s) preferred (Examples: CCSP, CISA/CISM, CISSP)
• Knowledge of Cloud Security Controls and Concepts
• Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls

 

The safety and well-being of our candidates, our employees and their families continues to be a top priority. At this time, interviews will continue to be conducted virtually. In order to provide and maintain a safe workplace, we have also adopted COVID-19 safety protocols for each work location which may include vaccination or testing requirements in accordance with applicable laws. Please speak with your recruiter to determine which protocols apply to the work location for the job you are seeking.

Evernote’s current US offices are located in Redwood City, CA, San Diego, CA, and Austin, TX. Evernote’s International offices include Santiago, Chile, Viña del Mar, Chile, and Tokyo, Japan.

We are committed to an inclusive and diverse Evernote. We believe that different perspectives lead to better ideas, and better ideas allow us to better understand the needs and interests of our diverse, global Evernote Community. We welcome people of different backgrounds, experiences, abilities and perspectives and are an equal opportunity employer.
 
California privacy notice: Read our privacy policy for job applicants at https://evernote.com/privacy/policy