Listing Description

PagerDuty believes that people do their best in a culture that fosters inclusion, innovation, and success. Our values - Champion the Customer, Take the Lead, Run Together, Ack + Own and Bring Yourself - serve as the foundation of our collaborative and dynamic culture.

Whether it’s conducting a retrospective, participating in our bi-annual hack weeks, cranking out a new product feature, or doing our day to day work, Dutonians live and breathe these five values every day. Together, we solve real customer issues and fulfill our mission of connecting teams to real-time opportunities and elevate work to the outcomes that matter.

We’re building an inclusive workplace that represents the real, everyday people we support around the world. From how we build our teams to who sits in the boardroom, we hope you can see yourself at PagerDuty.

PagerDuty is seeking our next Dutonian on the Infrastructure Security team. As a Manager, Infrastructure Security at PagerDuty, you’ll be a part of and lead an amazing team that’s intensely focused on securing our products, improving our security processes, and building the future of security at PagerDuty.  

How You Contribute to Our Vision

• You revel in the opportunity to build lovable security solutions that make developers and customers happy. 


• Be a part of security initiatives like secrets management, identity and access management, vulnerability management, incident response, implementing security controls, and infrastructure.


• Since we own and operate what we build, you’ll collaborate closely with engineers across teams.  You will work closely with our internal development teams to ensure we deliver secure, highly reliable and scalable solutions to our customers.


• We practice Chaos Engineering, so you’ll have the opportunity to be involved in our Failure Friday sessions, where we deliberately break our systems, find weaknesses, and fix them proactively.
  
  


• With 10,000+ global customers and growing, you’ll be solving really interesting technical challenges while helping to scale our product to keep up with demand.


• Support our team’s on-call rotation, triaging and addressing security issues as they arise.


• Backfill for CISO as needed in meetings, represent PagerDuty in customer technical discussions as needed


• Partner closely with other leaders within security and engineering.


• Should be able to identify current and future needs to stay current with FedRAMP and industry requirements in support of overall security (network security).

About You: Skills and Attributes

• You get excited about incident detection, response and forensics.


• You believe in creating tools and automation that make security the easiest choice.


• Things that make you smile: Secure Infrastructure, systems, automation, analysis, coding, cute animal memes.


• You’re interested in and understand vulnerability management, patch management, and security tooling. 


• You understand the importance of documenting, collaboration, and knowledge sharing.


• You are comfortable with loosely defined requirements where you exercise your analytical skills to clarify questions, share your approach and collaborate with the rest of the team to build/test elegant solutions.


• You have an understanding of the importance of empathy: you should have an open mind to others—no matter how senior or junior they are.


• You have a calm, assertive approach to diagnosing and fixing urgent problems.


• You enjoy mentoring and learning from your team and peers.
  
  

Minimum Requirements

• 5+ years of experience as a Security Engineer in a large, enterprise, Cloud-native/Cloud-first environment , working closely with the SRE team, implementing security controls.


• At least 2 years managing teams of individual contributors including managing and assigning individual, team and cross-team work.


• Experience with FedRAMP, including FedRAMP Low baseline controls, continuous monitoring disciplines, NIST 800-53 controls, NIST CyberSecurity Framework, working with 3PAO and Agency sponsors.


• Ideally experience includes bringing a product through first-ever FedRAMP authorization, but at a minimum, maintaining ongoing compliance for authorized environment.


• Technical stack experience required to be successful in this role:




• AWS Security (GuardDuty, CloudTrail, Secrets Manager, EKS/ECR, IAM family, Config) 


• Vulnerability management (Qualys/Nessus, Twistlock, Snyk), SIEM (SumoLogic or Splunk), 


• Infrastructure as Code, Container Security , CI/CD Discipline (Helm, Terraform, Chef), 


• SOC, Security Incident Response & Risk Management. 




• Experience with SOC, IR activities.


• Proficiency in at least one programming language (e.g. Ruby on Rails, Python, JSON/Scripting). Required for tools that are rolled out for integration, IaaS, and ability to deploy certain workloads.
  
  

Preferred Experience

• Auditing and security best practice of AWS; focus on IAM, network access, Kubernetes and S3.


• Penetration testing, bug bounties and anything in between.