Staff Cloud Security Engineer
- San Francisco, CA, USA
- Department: Engineering
Optimizely is the world's leader in customer experience optimization, allowing businesses to dramatically drive up the value of their digital products, commerce and campaigns through its best in class experimentation software platform. By replacing digital guesswork with evidence-based results, Optimizely enables product and marketing professionals to accelerate innovation, lower the risk of new features, and drive up the return on investment from digital by up to 10X. Over 26 of the Fortune 100 companies choose Optimizely to power their global digital experiences. Optimizely’s impressive customer list includes eBay, FOX, IBM, The New York Times and many more global enterprises.
Security is in the foundation of over 3000 customers’ trust in Optimizely. In this role, you will grow our software security program that facilitates security being baked into all of the products and infrastructure built at Optimizely. The responsibilities are a blend of security engineering and software engineering. If you’re a security engineer looking to get into a leadership position, this is a great opportunity for you to have impact across an entire engineering organization and support a world-class software security program.
- Support the software and infrastructure security programs in Optimizely Engineering- ensure that security is baked into everything we build at every step of the software development lifecycle
- Grow a culture of security in Engineering - we do fun things like security happy hours, pizza and t-shirts
- Perform security reviews of products and technical design documents
- Triage security issues and provide recommended fixes
- Support our bug bounty program
- Facilitate independent security assessments, and penetration testing
- Evaluate and implement new tools, processes, and frameworks
- Review and respond to new security threats
- Engineering background at a SaaS company. You may not be coding often, but you will need to be comfortable reviewing and discussing architecture and code with software engineers.
- Expertise with cloud security, particularly AWS and GCP Security concepts. You will be consistently collaborating with the Site Reliability Engineering team to bake cloud security best practices into our infrastructure and products.
- Experience with security activities throughout the Software Development Lifecycle, such as threat modeling, code review, tooling, and testing. - You will act as the Security Partner for one or more Engineering teams to facilitate these practices.
- Experience with Linux and Container hardening
- Understanding of Kubernetes, and security best practices
- Experience with implementing security and hardening within AWS and GCP in large environments
- Can understand, and use programming and scripting languages such as Python, Ruby and Bash
- Expertise with automation tools, such as Terraform and Chef
- Exceptionally clear communication skills- you'll need to communicate effectively and build relationships with all levels and roles at Optimizely
- Worked in a fast growth startup environment
- Bachelor’s Degree in Computer Science or equivalent experience
- 8+ years of hands-on experience in cloud security or related field
Nice To Haves
- Compliance (SOC2, PCI-DSS, ISO 27001, etc)
- Contributions to open-source tools, particularly security tools a plus
- Experience with tools such as Open Policy Agent, OSQuery and AWS Config
At Optimizely, we embody inclusion and embrace diversity. We believe in work/life balance and bringing our true selves to work. To that end, we offer best-in-class perks and benefits that support our Optinauts along their career journey with us. Read more about our culture at optimizely.com/careers.
Optimizely is an equal opportunity employer and makes employment decisions on the basis of merit. Optimizely prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.