Cloud Security Engineer
Remote - USA
Applications have closed
Dragos, Inc.
Dragos secures industrial assets across vertical industries. Learn more about how we protect critical industries to reinforce ICS/OT cybersecurity around the world. The IT Security team is responsible for securing Dragos infrastructure and data. IT security is vital to ensuring a strategic Information Security program that adapts to ever-changing environments, risks, and vulnerabilities.
We're seeking an experienced Cloud Security Engineer to expand our internal information security team. This role will focus on driving cloud security efforts for all Dragos cloud environments, including SaaS, PaaS, and IaaS.
Responsibilities
- Adopt security frameworks and standards that align with industry best practices and support corporate business objectives
- Assess current stage against adopted frameworks and standards. Provide actionable and feasible recommendations for continued improvement
- Develop and implement secure configuration baselines
- Analyze architectures for security vulnerabilities; harden system architectures
- Procure, implement, and operationalize solutions and tools to secure environments
- Assist in building out secure CI/CD tools and integrations for code analysis
- Perform application security functions such as providing engineering support for SAST, DAST, and SCA tools; assist in remediation efforts of tool outputs; conduct ad hoc and scheduled scans to validate source code; provide program-level support such as secure SDLC and compliance functions
- Act as a backup to Cloud Operations Engineers & Architects as needed. Validate proposed changes, perform health checks, and provide top-tier support for production environments
- Evaluate threats and define threat vectors
- Respond to system anomaly events: perform triage to validate them, and work with teams and third parties to resolve them
Requirements
- 10 years of overall IT experience
- Extensive experience in the cloud and application security space, securing web applications and their architectures
- Ability to communicate security risks and recommendations effectively with technical and non-technical audiences focusing on actionable and measurable improvements
Preferred Qualifications
- Knowledge of Agile and secure SDLC
- Practical knowledge and experience working in cloud environments and IAM solutions (e.g., AWS, GCP, etc.)
- In-depth familiarity with OWASP guidelines
- Experience with toolsets such as Nessus and Burp Suite
- One or more certifications (e.g., CISSP, OSCP, GPEN, OSCE, GCIA)
- Software development or scripting experience (e.g., Python, Shell, Java, JSON, Scrum, Jira, etc.)
- Contributions to the security community via public research, pen testing, bug bounty, etc.
- Familiarity with network and web application protocols including HTTP, HTTPS, TCP/IP, SAML 2.0, OAuth 2.0, REST APIs, etc.
We are practitioners who have lived through and solved real security challenges. Our team members have responded to incidents including the Ukraine 2015 power grid attack, analyzed the CRASHOVERRIDE malware responsible for the Ukraine 2016 electric grid attack, analyzed the TRISIS malware responsible for the petrochemical facility attack in 2017, built and led the National Security Agency mission to identify nation-states breaking into ICS, and performed assessments on hundreds of assets around the world.
We offer competitive salaries, equity, and a comprehensive benefits package including medical, dental, vision, disability, 401K, and life insurance.
Dragos is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce. Come join us!
Tags: Agile APIs Application security AWS Burp Suite CI/CD CISSP Cloud Code analysis Compliance DAST GCIA GCP GPEN IAM ICS Industrial Java Jira JSON Malware Nessus OSCE OSCP OWASP PaaS Pentesting Petrochemical Python SaaS SAML SAST Scripting Scrum SDLC TCP/IP Vulnerabilities
Perks/benefits: Equity Health care Insurance Team events