Listing Description
What You'll Do:
- Lead the development, design, and evolution of platform security serverless microservices for identity, authentication, and authorization, as well as tools and patterns providing data encryption and secrets management.
- You will be the security champion and advocate for platform application security services and best practices throughout the organization. The ability to clearly, concisely, and patiently communicate architectural/implementation risks to engineers, product owners, and leadership will be pivotal in this role.
- Share knowledge and expertise with platform security team members to aid in their growth and understanding, elevating the whole team and improving our efficacy.
- Document system, service, and data interactions and flows for consumption by engineers inside and outside of the platform security team.
- Encourage innovation and foster an environment of continuous improvement.
- Identify risks and aid in implementing process and implementation improvements in the overall platform.
- Provide code reviews for sensitive code bases with a focus on code quality and secure implementation.
What We Are Looking For:
- 5+ years of combined software, security, and cloud infrastructure engineering and/or architecture experience.
- Intimate familiarity with OAuth/OIDC flows, JWT tokens, and overall identity, authentication, and authorization principals.
- Understanding of modern cloud security and secure code operations, concepts, and practices.
- Experience with DevOps and secure SDLC tools, patterns, and methodologies for cloud architectures.
- Experience working with serverless services such as AWS API Gateway, Lambda, and DynamoDB.
- Experience with AWS IAM principals and configuration.
- Experience driving technical and security requirements with cross-functional teams.
- Strong understanding of cryptography, including best practices.
- Extensive knowledge around API development with HTTP, REST and JSON.
- Experience designing and implementing services in a high-security cloud-based environment.
- Able to respectfully provide and receive feedback in all situations.
- Self-motivated, able to take ownership of tasks and see-through completion.
- Must be well organized, able to thrive in a fast-paced startup environment, must have the ability to approach problems with a collaborative, team-player attitude.
- Strong communication skills in several mediums, working with a collaborative cross-functional team of peers and development teams throughout the company.
Nice to Haves:
- Experience with AWS CDK for infrastructure-as-code.
- Experience TypeScript (v4) and the related ecosystem.
- Familiarity with containers and general security principals.
- Familiarity with cloud networking security principles and technologies.
- Experience working closely with security operations teams, including SOCs, incident response, vulnerability management, and GRC.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided