Engineering Manager, Cloud Security
Forter is looking for an Engineering Manager to lead our Cloud Security engineering team. The role reports to the Director of Infrastructure & Security.
Reliability, latency, and security, along with being present where our customers need us, are critical to our success. Every request we process is important to everyone involved. We can’t go down because our customers’ businesses depend on us: we processed eCommerce transactions worth over $200B in 2020, and made billions of critical decisions.
We use the highly sensitive information our customers trust us with to catch fraudsters and abusers and let consumers operate without any friction.
Our systems run on thousands of machines, in multiple regions (and clouds), at a massive scale to provide the best service to the Enterprise customers we serve.
If this kind of working environment sounds exciting to you, if you understand that Engineering is about building the most effective and elegant solution within a given set of constraints - consider applying for this position. But hold on, you best check the position requirements below first :)
We don't take SecOps or DevSecOps as a title but as a culture
Each team at Forter takes security and privacy requirements as part of the design of their systems, fixes security vulnerabilities, and performs required upgrades (OS, libs, etc.).
One of your goals would be to enable engineering teams to do that with maximum efficiency and happiness, by providing them the tools, knowledge, and practices they need in order to act securely, but without adding friction to their work. We believe that dev experience really makes a difference here!
Stuff you’ll be doing:
- Lead a team of 3 Security Engineers
- Set up processes to help the team do its best work and engage effectively with the rest of Forter
- Design, build and monitor tools to enable safe access and utilization of data and systems
- Perform architecture reviews to steer projects in the right direction early, participate in security code reviews, and perform penetration testing against products prior to shipping.
- Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and developing strategies to proactively secure their architecture.
- Create threat models for products you’re responsible for, and leverage them to prioritize time based on risk impact.
- Educate and train product teams on security topics and skills to extend AppSec’s reach by deputizing product teams to help themselves.
- Collaborate with our CISO, Legal, Engineering, Research, Finance, and Corporate IT leaders to rapidly and fundamentally improve the security posture of the business
- Recruit great engineers, in collaboration with the recruiting team
- Develop engineers on the team, helping them advance in their careers
- Work in brownfield environments. Imagine a future for legacy systems and plan migrations in evolutionary steps
Stuff we need you to have:
- Managed engineers (at least 3 engineers) for 3+ years
- Experience threat modeling
- Experience performing security audits and working with penetration testing tools and SAST tools
- Experience with standards compliance processes - PCI-DSS, SOC 2, ISO 27001, etc.
- The ability to work very well cross-functionally, and the ability to think rigorously and make hard decisions and tradeoffs
- 8+ years developing complex software projects (Python / Go / Java / etc.)
- 3+ years working with Infrastructure as Code tools (CloudFormation / Terraform / Pulumi)
- Extensive experience working with public clouds (AWS / GCP / Azure)
- Hold yourself and others to a high bar when working with production
- Excellent presentation skills - can talk and explain at the right level of abstraction to different audiences
- Fluent in written and spoken English
Some examples of projects your team will work on and support:
- Developer IAM automated flow. This allows developers across the org to apply for cloud-provider permissions via an automated review process.
- Secrets / CA - Maintain the secret management infrastructure. Support the automated flows that allow developers to create and modify secrets and for applications to get hold of secrets.
- Secret sharing automation. Share/revoke access to production secrets for the relevant people across the org.
- Temporary access grant tools (SSH/k8s) - Tools used by developers across the org to gain temporary access to privileged production resources.
- Data Discovery & Deletion (GDPR/CCPA) - manage PII across the company’s datastores, adhering to the GDPR/CCPA standards.
- Infrastructure for the purpose of securing applications - DDoS protection, encryption, cloud-provider authentication infrastructure for both developers and applications ensuring MFA in all API access, rate limiting, bot detection, etc.
We’d especially love to hear from you if:
- You are confident representing your agenda and opinions in a business full of engaged, passionate people
- You are passionate about building products and tools that developers love to use
- You have open-source application security tooling to your name
What it’s like to work at Forter:
We believe that headcount is a vanity metric (i.e. more doesn’t necessarily mean better), and that people matter! This is why we prefer smaller, talented, and cohesive teams over “just give us some more working hands”.
We believe that the metric we should optimize for is increasing the IQ and EQ of our team over time, by building an organization that will draw such people to us. We care immensely about how the team works together, and we don’t shy away from hard conversations. When you try to make an impact, friction (of opinions, or business constraints) is something you need to deal with.
We don’t have QA, we don’t have Architects (“CTO team”), we don’t have a NOC or SOC team. We look at our team as part of the system that we build, so we optimize the process and tools to fit our team. Most of our team has a generalist mindset, but our system is vast and we have people developing expertise in areas they are passionate about.
We are big believers in having skin in the game as a way of aligning incentives to build things right, and in picking boring technology, as we respect the complexity of our system and business.
You should join to help us build a better version of Forter, rather than a smaller version of a large company.
If you’re up for the challenge, please submit your CV.