Cloud Security Engineer Segment.Com
San Francisco, CA

Job Description

Overview

At Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We're in the running to power the entire customer data ecosystem, and we need the best people to take the market.

The Security team at Segment is building a comprehensive security program in order to protect our customer's data. We work with different organizations across the company to ensure our security practices and controls are constantly improving. In order to keep our engineers as productive and happy as can be, we need those controls, processes and tools to be lightweight and easy to navigate to help us carefully limit AWS and GCP infrastructure. This is a top-tier business problem that you as a Cloud Security Engineer at Segment could dig into right away. Security is the most important thing happening in engineering, and will always have strong support and high internal visibility by company leadership.

Who we are:

We're a small team of experienced security engineers with diverse technical and non-technical backgrounds. We're a passionate group of individuals who enjoy challenging traditional, prescriptive security techniques of the past and adapting or creating them to work with Segment's modern development technologies and practices. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.

A little more about our team:

* We showcased the importance of making security tooling more usable by demoing our OWASP ZAP contributions at Appsec USA
* We discussed our overall approach to our security engineering program at LASCON
* Our CISO's approach to Building a Security Team and Program
* We deleted every employees' AWS keys!
* We help organize the OWASP SF chapter, the AppSec California, B-Sides SF, and Day of Shecurity conferences

What we do:

* We write software to monitor and correct our security posture in AWS and GCP
* We work with other engineering teams to secure their infrastructure
* We evangelize and reward good security behavior and hygiene throughout the company
* We're proud of the code we write, and believe we can build automation to enable our engineers to be secure and remain productive.

Who we are looking for:

* You are hands on and can write software.
* You have AWS experience and/or an understanding of how cloud infrastructure works.
* You're focused, driven and can get challenging projects across the finish line.
* You're empathetic, patient and love to help your teammates grow.
* You understand a broad range of security technologies and how they work, not necessarily all of the details.

What You Get Out of It:

* A welcoming and collaborative environment with people who love security.
* Mentoring and support to work on the things that are important to you.
* The opportunity to give back to the security community through open-source projects, blogging, conference talks, etc.

Projects We're Working On:

* Automated monitoring and remediation of security issues in Segment's massive AWS, GCP and Kubernetes environments.
* Processing huge amounts of CloudTrail logs to monitor and automatically detect security issues in real time.
* We used Okta and Terraform to delete all employee AWS keys and better manage our AWS multi-account strategy.
* We worked with our tooling and infrastructure teams to build an automated secrets management solution for our hundreds of services.

Requirements:

* You have 2+ years of engineering experience in a production-cloud environment.
* You're a capable subject-matter expert on security issues and technologies.
* You have working knowledge of service-oriented architectures and software development, as well as experience with different tools and technologies fit for a cloud environment.
* You've practiced your CloudSec craft most recently in cloud datacenters and with container technology, and you have experience in at least one of AWS, GCP or Kubernetes
* You are excited to work across the stack on different security challenges and initiatives

Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.