Infrastructure Security Engineer
Who You Are:
We are looking for an Infrastructure Security Engineer to join our Platform team. The ideal candidate can think both tactically in dealing with security incidents and strategically in anticipating future threats against our infrastructure. This position will have the opportunity to engage across the Fair organization in support of ongoing initiatives, ensuring that best practices for security and risk management are embedded in project and process life cycles.
What You’ll Do:
- Conduct security reviews of core infrastructure.
- Carry out network and application penetration testing and vulnerability scanning.
- Help establish and maintain corporate security best practices.
- Work with the Platform and larger engineering team to architect and build highly performant, secure automated development systems
- Build out a security team from the ground up
What You’ll Need:
- 5+ years’ experience in Security Engineering
- Comfortable writing code in scripting languages (Ruby, Python, etc.) and compiled (Go, etc.) (preferably more than one)
- Experience with security primitives of a major cloud provider (IAM, Security Groups, VPCs, etc.)
- Familiar with the challenges of processing security events at scale
- Experience in running information security programs, including but not limited to penetration testing, vulnerability scanning, red team exercises.
- Knowledge of network-based and system-level attacks and mitigation methods.
- Deep knowledge of vulnerabilities and exploits.
- Familiarity with log formats and host or network based intrusion detection systems.
- Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication and security protocols and applied cryptography.
- Strong familiarity with virtualized environments whether hypervisor based or container based and knowledge of the security issues that are specific to them.
- Familiarity with build tools and automation in software engineering - such as in Continuous Integration (CI) environments
- Good understanding of high frequency build/delivery and DevOps
- Knowledge of software defined networks
- Knowledge of docker and docker security requirements
- Familiarity with automated vulnerability analysis tools
- Familiarity with automated code review tools