Staff Security Engineer - Cloud Infrastructure
Forter provides a new generation approach to meeting the challenges facing modern enterprise e-commerce. From attracting and retaining the right shoppers by reducing friction and boosting consumer confidence across the entire purchase journey, to fighting sophisticated fraudsters and reducing chargeback losses, only Forter provides a fully automated, real-time Decision as a Service™ platform. Behind the scenes, Forter’s machine learning technology combines advanced cyber intelligence with behavioral and identity analysis to create a multi-layered detection and decisioning mechanism. Across all our client's sites, we have created a network of over 800 million buyer identities globally. Our success so far in the marketplace has allowed us to achieve a total series F valuation of over $3 Billion. Our investors include: Tiger Global, Bessemer, Sequoia Capital, March Capital, Salesforce Ventures.
What you'll be doing:
- Improve the company’s security standing by developing security features for use in the company’s cloud infrastructure
- Develop and take ownership of automated security tools for internal company use, beginning identity and access management (MFA, Temporary privileges, Secret management)
- Represent the Security Team as point of contact and source of knowledge in Design Review meetings across Engineering
- Perform threat analysis, define security controls and security KPIs for implementation and tracking across the organization.
- Define automated tooling for sensitive (GDPR, CCPA) data discovery, classification, and management
- Select and deploy tools from external vendors for continuous application and infrastructure security scanning, tracking, and resolution (SAST, IDS, IPS, DDoS, etc.)
- Design, build, evangelize, and maintain security infrastructure and tools that all Forter's engineering teams will enjoy using.
- Implement security features, fixes, encryption, networking and data protection.
- Mentor others designing secure applications, providing security requirements during design reviews, and ensuring correct implementations during code reviews.
- Perform quarterly risk assessments and prepare recommendations for how to invest security resources.
- Work very well cross-functionally, think rigorously, and make hard decisions despite tradeoffs.
- Work in brownfield environments, imagining the next evolution of legacy systems alongside new ones.
What you'll need:
- 12+ years developing complex software projects (Python / Ruby / Go / NodeJS / etc.)
- 5+ years working with infrastructure as code tools (Cloudformation / Terraform / Pulumi / etc.)
- Extensive experience working with public clouds (AWS / GCP / Azure)
- Extensive knowledge of every layer of the stack (Hardware / OS / Network / Application / Database / Storage / etc.)
- Hold yourself and others to a high bar when working with production
We would especially love to hear if you:
- Contributed significantly to any open-source application security tooling.
- Have production experience with CNCF technologies like Kubernetes, Istio, Prometheus, Vault, Consul, etc.
- Have experience developing multi-cloud SAAS platforms.
- Have experience with threat modeling, performing security audits, penetration testing, and SAST tools.
- Have experience with certifications, privacy laws, and compliance programs such as PCI-DSS, SOC II, ISO27001, and GDPR.
We believe DevOps is not a job title. It is a culture.
Each team at Forter owns and maintains the performance, availability, security, and privacy of their systems, databases, and applications. Teams perform backups, manage capacity, fix security vulnerabilities, and perform required upgrades (OS, libs, etc.). They also participate in on-call rotations to handle outages and incident response.
We believe that head-count is a vanity metric. More doesn't necessarily mean better and people matter! We prefer smaller teams of talented and cohesive teams over more working hands.
We believe in continuously increasing the IQ and EQ of our teams by building an organization that will draw such people to us. We care immensely about how the team works together, and we're not scared of hard conversations. The friction of opinions or business constraints is something we need to deal with when trying to make an impact.
We don't have QA, architects, or a CTO team. We have neither a NOC nor a SOC team. Our teams are part of the system that we build, so we optimize the processes and tools to fit them. Most of our teams have a generalist-mindset, but our vast system allows people to develop expertise in the areas about which they are most passionate.
At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company.
Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law.
Explore more Information Security career opportunities
- Open Senior Infrastructure Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open SOC Analyst Jobs
- Open Senior Penetration Tester Jobs
- Open Principal Security Engineer Jobs
- Open Information Security Architect Jobs
- Open IT Security Engineer Jobs
- Open Information Security Officer Jobs
- Open Staff Security Engineer Jobs
- Open Vulnerability Analyst Jobs
- Open Personnel Security Officer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Chief Information Security Officer Jobs
- Open Senior Information Security Analyst Jobs
- Open IAM Engineer Jobs
- Open Software Security Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Senior Incident Response Analyst Jobs
- Open DevOps Security Engineer Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Privacy Manager Jobs
- Open Threat Intelligence Analyst Jobs
- Open Manager, Cybersecurity and Trust Jobs
- Open Cybersecurity Analyst Jobs
- Open NIST-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open CEH-related jobs
- Open Open Source-related jobs
- Open Forensics-related jobs
- Open IDS-related jobs
- Open Splunk-related jobs
- Open Machine Learning-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open IPS-related jobs
- Open Encryption-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open HIPAA-related jobs
- Open Cryptography-related jobs
- Open TCP/IP-related jobs
- Open DevSecOps-related jobs
- Open PowerShell-related jobs
- Open Unix-related jobs
- Open DNS-related jobs