How do you feel when you've eliminated an entire class of potential security issues - across an entire Development organization - and ensured through automation that it will stay that way? We'd love for you to experience this thrill with us on the Tableau Product Security team! We're seeking a self-motivated engineer to lead our efforts in building security scanning into our continuous integration build pipeline, and enabling development teams with secure, foundational tools and resources. You'll be joining a group of like-minded engineers who are passionate about building robust products, leveraging automation testing and tooling, and scaling solutions to meet the security needs of a large development organization.
What you'll be doing...
- Integrating static analysis and other security scans into build and test pipelines, and ensuring through automated processes that corresponding findings are appropriately visible, tracked, and addressed.
- Helping define "gold standard" images, tools, libraries, frameworks, and/or coding techniques that enable and streamline secure software development.
- Helping conduct security reviews to help teams understand risks to their services before they see the light of production.
- Identifying key risks, communicating them, and collaborating with engineering teams to build a plan to address them.
- Advocating for security across the company to both engineers and leadership.
- Scaling yourself by training Tableau Security Champions on engineering teams.
Who you are...
- An Engineer at Heart. Preferably with a cross-platform engineering background, who admires well-designed, scalable systems.
- Experienced.You've worked in and around the security field for 5 - 10 years, preferably in multiple domains such as risk, policy, hardening, incident response, cryptography, IAM, networking, application security, or security assessments.
- Automation-focused. You get twitchy when you're doing something robots should be able to do. An ability to automate processes and standards is required (Python, Ruby, Go, Powershell, Java, etc).
- A Good Communicator. You could explain SQL injections to your non-technical relatives, and have them writing parameterized queries in no time. You'll be contributing to security reviews across a large number of teams helping them understand risks and how to address them.
- Broad Security Awareness and Leadership. You've worked in multiple security areas, and have driven maturity improvements in significant portions of a security engineering program.
- You are a Recruiter! Tableau hires company builders and, in this role, you will be asked to be on the constant lookout for the best talent to bring onboard to help us continue to build one of the best companies in the world!