Cloud Security Engineer

Our mission at Dragos is to protect the world’s most critical infrastructure from adversaries who wish to do it harm. We help defend industrial organizations that provide us with the tenets of modern civilization: running water, functioning electricity, and safe industrial working environments.
The IT Security team is responsible for securing Dragos infrastructure and data. IT security is vital to ensuring a strategic Information Security program that adapts to ever-changing environments, risks, and vulnerabilities.
We're seeking an experienced Cloud Security Engineer to expand our internal information security team. This role will focus on driving cloud security efforts for all Dragos cloud environments, including SaaS, PaaS, and laaS.

Responsibilities

• Adopt security frameworks and standards that align with industry best practices and support corporate business objectives
• Assess current stage against adopted frameworks and standards. Provide actionable and feasible recommendations for continued improvement
• Develop and implement secure configuration baselines
• Analyze architectures for security vulnerabilities; harden system architectures
• Procure, implement, and operationalize solutions and tools to secure environments
• Assist in building out secure CI/CD tools and integrations for code analysis
• Perform application security functions such as providing engineering support for SAST, DAST, and SCA tools; assist in remediation efforts of tool outputs; conduct ad hoc and scheduled scans to validate source code; provide program-level support such as secure SDLC and compliance functions
• Act as a backup to Cloud Operations Engineers & Architects as needed. Validate proposed changes, perform health checks, and provide top-tier support for productions environments
• Evaluate threats and define threat vectors
• Respond to system anomaly events, perform triage to validate, work with teams and third parties to resolve

Requirements

• 10 years of overall IT experience
• Extensive experience in the cloud and application security space, securing web applications and their architectures
• Ability to communicate security risks and recommendations effectively with technical and non-technical audiences focusing on actionable and measurable improvements

Preferred Qualifications

• Knowledge of Agile and secure SDLC
• Practical knowledge and experience working in cloud environments and IAM solutions (e.g., AWS, GCP, etc.)
• In-depth familiarity with OWASP guidelines
• Experience with toolsets such as Nessus and Burp Suite
• One or more certifications (e.g., CISSP, OSCP, GPEN, OSCE, GCIA)
• Software development or scripting experience (i.e., Python, Shell, Java, json, Scrum, Jira, etc.)
• Contributions to the security community via public research, pen testing, bug bounty, etc.
• Familiarity with network and web application protocols including http, https, TCP/IP, SAML 2.0, OAuth 2.0, Rest APIs, etc.

Our mission at Dragos is to protect the world’s most critical infrastructure from adversaries who wish to do it harm. We help defend industrial organizations that provide us with the tenets of modern civilization: running water, functioning electricity, and safe industrial working environments.
We are practitioners who have lived through and solved real security challenges. Our team members have responded to incidents including the Ukraine 2015 power grid attack, analyzed the CRASHOVERRIDE malware responsible for the Ukraine 2016 electric grid attack, analyzed the TRISIS malware responsible for the petrochemical facility attack in 2017, built and led the National Security Agency mission to identify nation-states breaking into ICS, and performed assessments on hundreds of assets around the world.
We offer competitive salaries, equity, and a comprehensive benefits package including medical, dental, vision, disability, 401K, and life insurance.
Dragos is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce. Come join us!