Senior Staff Security Engineer

POL Warsaw

Applications have closed
Senior Staff Security Engineer

Senior Staff DevSecOps Engineer

Product Software, Data Center Services

Equinix is the world’s digital infrastructure company. We interconnect industry-leading organizations such as finance, manufacturing, retail, transportation, government, healthcare and education across a digital-first world. Business leaders harness our trusted global data center services platform to bring together and interconnect the foundational infrastructure that powers their success—sustainably and securely. With a presence in more than 50 markets worldwide, We provide cutting-edge solutions that enable companies to accelerate their digital transformation and thrive in today's interconnected world.

Job Description

If you worked in application development and operations, have experience in at least one programming language, software security is your passion, DevOps work culture excites you then you are our perfect candidate. You will become a part of a world-class product engineering team that’s responsible for development of key Equinix products. We build highly scalable, globally distributed software, using modern technology stack, cloud, microservices architecture, real-time and near-real-time stream processing, API-first approach and focusing on the product quality and processing SLA. This can make you a part of the world-class product engineering team that’s paving the path for new ways for enterprises to consume ever increasing data center services.

Job Summary

This role is technical, hands-on, engineering role for security specialists knowing Java and having experience with distributed, highly automated environment or a developer understanding security and open to learn new things. Your responsibility will be reducing risk and improving security posture by analyzing vulnerabilities and implementing remediations while working within software engineering teams including both software development and operations.

Responsibilities

  • Engage with Product Engineering in design, implementation, and maintenance of the build/release process.
  • Collaborate with Product Engineering to integrate security practices into software development process, ensuring secure coding standards, design principles, and threat mitigation strategies are followed.
  • Work with Product Engineering to grow their knowledge and adopt tools to be self-sufficient while working with infrastructure.
  • Contribute to development and maintenance of tools enabling infrastructure as a code.
  • Engage in incident resolution, build mitigation plans of owned applications.
  • Audit, analyse and test security – SAST, DAST, penetration testing.
  • Improve security and compliance controls in support of DevOps processes.
  • Collaborate with internal stakeholders to address security requirements and enhance security awareness across the organization.
  • Contribute to development and maintenance of security policies, procedures, and guidelines that align with industry best practices and regulatory requirements.
  • Actively research and keep abreast of the latest security threats, vulnerabilities, and industry best practices, and apply this knowledge to continuously improve our security strategies.

Qualifications

Software Engineering

  • You have at least 5+ years work experience in Product Engineering organization in a medium or large corporate environment.
  • You are familiar with cloud-based application development, understanding of Java eco-system (Spring/Play/Hibernate) and/or JavaScript (React/Angular/Ember), HTML5/CSS3, Node.JS
  • You have experience in Agile software delivery methodology.
  • You have experience setting up and maintaining CI/CD pipelines.
  • You have DevOps experience (nice to have)

Infrastructure configuration and management

  • You have experience in running and monitoring production systems utilizing microservices and distributed systems architecture at scale with observability.
  • You know how to build and operate Docker containers.
  • You have experience with defining and managing applications that operate on orchestration platforms like Kubernetes.
  • You have working experience with service mesh configuration (nice to have)
  • You have a background in workload based on cloud-based system with at least one of the leading public cloud platforms (AWS/Azure/GCP – nice to have)

API Gateway Engineering (nice to have)

  • You understand common API concepts and standards as well as aspects of data storage, service status and session handling.
  • You are familiar with API management system for high availability, resilience, and recovery.
  • You know how to deploy, configure, tune, and monitor API Gateways
  • You know how to apply API policies and standards for security and standarization of an enterprise.

Application security

  • You understand security principles, secure coding practices, and common security vulnerabilities (OWASP Top 10, CWE, etc.).
  • You have knowledge in areas of network protocols, web application security, and data protection mechanisms.
  • You can identify, report & drive fixing vulnerable libraries/packages in Java, JavaScript, messaging frameworks and workflow engines.
  • You have knowledge of authentication and authorization technologies and methods (SAML, HMAC, OAuth, OIDC etc)
  • You have experience with WAF (nice to have)
  • You understand compliance frameworks like PCI, ISO, GDPR and SOC (nice to have)

Additional expectations

  • Curiosity and ability to learn new tools.
  • Talent multiplier who gets the team around them to excel.
  • Experience debugging complex problems.
  • Persistence, creativity and drive to relentlessly get excellent results.
  • English on a level that lets you work efficiently and discuss complex technical topics.
  • Experience in working with people from diverse cultures spread across the globe in different time zones (nice to have)
  • Alignment to company values known as Magic of Equinix https://blog.equinix.com/blog/2017/07/06/a-companys-culture-is-critical-can-you-define-yours/

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability. If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form.

Equinix is an Equal Employment Opportunity and, in the U.S., an Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to unlawful consideration of race, color, religion, creed, national or ethnic origin, ancestry, place of birth, citizenship, sex, pregnancy / childbirth or related medical conditions, sexual orientation, gender identity or expression, marital or domestic partnership status, age, veteran or military status, physical or mental disability, medical condition, genetic information, political / organizational affiliation, status as a victim or family member of a victim of crime or abuse, or any other status protected by applicable law.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  15  1  0

Tags: Agile API Gateway APIs Application security AWS Azure CI/CD Cloud Compliance DAST DevOps DevSecOps Docker Finance GCP GDPR HMAC Java JavaScript Kubernetes Microservices Monitoring Node.js OWASP Pentesting SAML SAST SOC Vulnerabilities

Region: Europe
Country: Poland

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.