Senior Security Engineer, Cryptomining
Toronto, Remote Canada
CircleCI
Get the best continuous integration and delivery (CI/CD) for any platform, in our cloud or on your own infrastructure, for free.CircleCI is hiring a Senior Platform Security Engineer, Threat Detection to join our Security Team. This role will investigate all types of threats in the CircleCI Cloud environment by conducting behavioral analysis during builds, Platform usage reflection and introspection, assessing network traffic behavior, staying up to speed on malware trends, work proactively with third-party partners combating platform misuse, build metrics that establish benchmarks future work is measured against, and respond to incidents. Their primary duty is to identify users who are using CircleCI in ways that are against our Terms of Service and compliance requirements.
A typical day could include analyzing customer configuration code, collaborating with legal, examining our system for evidence of new exploits, reverse engineering them and building tools to detect and protect us from them.
The Security team is a highly-distributed team that’s building a paved security path so our team of roughly 250 engineers can ensure our infrastructure provides value to legitimate customers. You'll write sustainable, resilient code as part of an engineering organization that values teamwork, trust, and learning.
CircleCI is responsible for build environments used by thousands of development teams every day, be part of a team at the heart of it!
What You’ll Do:
- Establish and refine a culture of security observability and monitoring
- Partner with Security Operations, Product, Legal and Platform Security Engineering
- Write and maintain sustainable, high-quality, high-performance code for infrastructure and security automation
- Reverse engineer malware
- Build tooling to analyze new open source code that CircleCI is processing
- Research and understand the landscape of cryptomining malware
- Identify entry points malware use for our product’s free tier
- Participate in the Security Team’s on-call incident rotation
- Respond to bug emails submitted by security researchers and work on remediation
About You:
You value and know the importance of developing, documenting and educating others on best practices and processes for achieving goals. Learning something new every day is essential to your happiness. Mentoring is a primary reason why you love your profession. You are compassionate and genuinely like people. You love looking at obfuscated source code, solving difficult detection problems, thinking about how to make the game of malware not worth playing for your adversary, and discovering innovative abuses of everyday tools.
Does that sound like you? If so, here’s the experience we’re looking for:
- Security context and strong analytical skills
- Understanding of malware architecture, torrents, cryptomining, botnets, DDOS
- 5+ years experience researching malware and/or programmatic abuse of cloud environments
- Excellent communication skills and ability to remain calm under high-pressure situations
- Experience working with Docker, Kubernetes, Terraform, Helm, AWS, and modern distributed SaaS infrastructure
- A willingness to learn new languages. We use Clojure, Go and TypeScript and our customers use almost every language under the sun
- Web, database, information and/or infrastructure security
- A focus on delivering high-quality code through strong testing practices
- Ability to manage customer demands and work with internal collaborators to deliver on them
- Demonstrated ability to lead multiple, complex projects simultaneously
CircleCI Engineering Competency Matrix:
The Engineering Competency Matrix is our internal career growth system for engineers. This position is level E3. If you’re not sure this is you, we encourage you to apply. Find more about the matrix in this blog post.
We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. CircleCI welcomes those who are enthusiastic about learning and evolving, so however you identify and whatever your background, if this looks like a role where you could do work that excites you, we hope you’ll apply.
Work remotely with our globally distributed team!
We’re a distributed company with teammates across the world. For this role, we are hiring engineers to work remotely in Canada.
About CircleCI
CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.
CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
The Colorado salary range for this role is
This role will report to
LI-MA1
Tags: Automation AWS CI/CD CircleCI Clojure Cloud Compliance DDoS DevOps Docker Exploits Helm Kubernetes Malware Monitoring Open Source Reverse engineering SaaS Terraform Threat detection TypeScript
Perks/benefits: Career development Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs