— Experience in working with security;
— Experience securing AWS-based DevOps environments, including but not limited to the security of different AWS Services, secure design of VPC architectures, best practices for IAM configuration, and security of data at rest and in transit within or across AWS accounts, etc;
— Familiarity with one of the following object-oriented languages: Ruby, Python, or Go
(Having experience with Ruby/Python is more important than Gol; the candidate should be able to read and contribute to the Ruby/Python code. Security tooling will be written with Python mostly);
— Familiarity with Linux shell scripting;
— Familiarity with Infrastructure-as-Code technology such as CloudFormation or Terraform. (Having experience with Terraform is more important than other technologies. All of the infrastructure is written with Terraform, including the security infrastructure);
— Experience participating in or leading incident response;
— Experience using SIEM technologies such as Splunk ES, LogRhythm, Elasticsearch, Alienvault, AWS GuardDuty, Suricata, bro/Zeek, snort, etc;
— Level of English: Upper-Intermediate.
— Virtualized security appliances (Palo Alto, Checkpoint, Vectra, Darktrace, etc);
— Experience with performing manual validation of Common Vulnerabilities and Exposures (CVE) manually or with a testing framework, testing frameworks like Metasploit;
— Experience with targeted threat hunting;
— AWS, Datadogs, Prizmacloud — used by the customer (huge bonus);
— Experience exploiting web applications; specific experience with Rails is a plus;
— Experience exploiting AWS infrastructure and *nix/Windows machines;
— Experience working with blue and red teams (the customer team is a blue team, but they do some tasks of a red team).
The candidate will do the following:
— Interface with cross-functional team members, both within and outside of engineering, to determine business and technology needs/requirements;
— Assist with selecting, designing, and implementing platform and operational-level security controls;
— Help design and architect security solutions for a modern AWS application environment;
— Perform incident response responsibilities as they relate to potential and confirmed security breaches;
— Develop solutions for automating repetitive security-related tasks and foundational guardrail-like systems for proactively ensuring infrastructure security compliance;
— Provide subject matter expertise on the topics of Information, Cloud, and Application Security to other engineering teams;
— Perform and assist with the development of procedures and systems for “Red Team”- style work such as Network Vulnerability Assessment, Web Application Vulnerability assessment, and manual validation of security control effectiveness.
Our client is an unlimited subscription service that provides access to a wide range of books, audiobooks, news and magazine articles, documents, and more. Subscribers can get millions of titles on their iPhone, iPad, Android, Fire device, or web browser. This makes it easy to access titles wherever and whenever they want. Besides, users can save their favorite titles, create collections, bookmark titles and build the library of their dreams. Their community includes over 1.5M subscribers in nearly every country worldwide.
KitRUM is a one-stop custom software development company headquartered in sunny Florida with tech hubs in Ukraine, Poland, Kazakhstan, and Mexico
With a pool of 300+ top-notch engineering resources, we help CxOs of
— High compensation according to your technical skills
— Interesting projects with great Customers
— Democratic management style & friendly environment
— Full remote
— Annual Paid vacation — 20 b/days + unpaid vacation
— Paid sick leaves — 6 b/days per year
— 12 national holidays
— Corporate Perks (external training, English courses, corporate events/team buildings)
— Professional and personal growth
Follow our team on Instagram to know more about our daily life :)
We adore making new friends on the board!