$100K — $150K *
We are searching for an experienced Application Security professional with excellent AWS knowledge and a passion for DevSecOps methodology. You'll be working within a team of security and infrastructure engineers but with a remit for providing specific security coaching, guidance and technical input to our Product Engineering teams. This is a hands-on engineering position but you will need both technical and leadership skills to succeed by influencing engineers and managers across a wide technical function.
Specific areas of responsibility will include formulating security guidelines for engineers deploying applications to our platform, including defensive programming techniques, OWASP top 10 education, cloud native (12-factor) application security, credential management and securely interfacing application code with AWS services. You will work closely with our Senior Cloud Security Engineers, Cloud Infrastructure Engineers, Cloud Network Engineers and our Product Engineers in order to significantly raise the bar for security in general across the Lucid technical stack.
The Infrastructure and Security team holds itself accountable to a high standard of build quality. We have recently completed the first major phase of a completely green-field infrastructure and platform rebuild that is designed to underpin Lucid’s business applications for the next decade while scaling to support a 10-fold growth in revenue. We are compulsive about infrastructure as code (nothing in our new platform is created or deployed except via a code change) and driven to achieve a full end-to-end continuous deployment pipeline. Like most non-startup organisations, we are also dealing with legacy; our goal now is to accelerate the migration of applications and services from the legacy infrastructure accounts to the new platform. Major elements of our platform include AWS (we make significant use of S3, RDS, ECR, Kinesis, EC2, EMR, ElastiCache, ElasticSearch and EKS), Linux, Terraform, Kubernetes, Docker, Packer, Ansible and Jenkins. We support applications and services written in Golang, Python, Java, Scala and .Net. We monitor and alert on everything we deploy via Grafana, Prometheus, Graphite and ELK stacks.
You will be someone that shares our values and ambitions and can bring security best practices and specific application security expertise to the party. You will additionally be the kind of person that is energised by complex challenges, teamwork and problem solving. In return, we can offer a great tech culture, highly competitive compensation packages and employment benefits.
Work within the Infrastructure and Security team defining and improving our general security posture across legacy and greenfield resources including data, applications, and networks
Participate in the automation of software delivery, focusing on embedding security into our coding, testing, and deployment methodology, embracing DevSecOps
Improve our monitoring and alerting systems to enhance them with specific and relevant application security data points
Define and implement measurements that will provide demonstrably positive change in our security posture
Assist as needed with our Security Incident Response process and take lead on responding to specific individual incidents
Five years or more experience in software engineering roles (any of Java/.Net/Python/NodeJS/Ruby)
At least 12 months in dedicated application security roles within teams that practice DevSecOps on public cloud infrastructure
Demonstrable ability to assess software, dependency management, and deployment pipelines from a security perspective
Experience in introducing security testing into software delivery pipelines (CI/CD)
Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks
Understanding of “cloud-native” and 12-Factor applications and how to deploy them securely
AWS Certified Security Specialist or other recognised certification
Knowledge of Windows security (particularly Active Directory)
Knowledge of AWS IAM, VPC security, CloudWatch
Knowledge of some IdP (Okta, OneLogin, Auth0) frameworks and integrations
Offensive or defensive penetration testing experience
Valid through: 11/9/2021