Lead Software Engineer - Platform Security
Redwood City, CA

Job Description

In June 2017, Sumo Logic announced another $75M funding round led by Sapphire Ventures, with participation from new and existing investors including DFJ Growth, Greylock Partners, Sequoia Capital, and others ( https://www.sumologic.com/press/2017-06-27/75-million-funding-round/). This brings our total funding to $235.5M to date. Sumo Logic's business has scaled significantly. We have also enjoyed consistent growth in our recurring revenue and customer count to over 1,600+ customers, reflecting every major vertical and company size.

Who Are We?

We are a secure, cloud-native, machine data analytics service, delivering real-time, continuous intelligence from structured, semistructured and unstructured data across the entire application lifecycle and stack. Our mission is to democratize analytics, making it accessible, simple and powerful for businesses of all sizes to build, run and secure their organizations. With Sumo Logic, customers can harness the power of machine data to gain operational business and customer insights that lead to competitive advantage and differentiated customer experience.

What we do:

Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. We imagined a world of Yottabyte-scale machine data, where machine learning algorithms and advanced analytics could make sense of it all. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily - positioning Sumo among the most powerful machine data analytics services in the world. Our customers around the globe rely on Sumo Logic for the analytics and insights to build, run and secure their modern applications and cloud infrastructures. With Sumo Logic, customers gain a service-model advantage to accelerate their shift to continuous innovation, increasing competitive advantage, business value and growth.

The proliferation of machine log data has the potential to give organizations unprecedented real-time visibility into their infrastructure and operations. With this opportunity comes tremendous technical challenges around ingesting, managing, and understanding high-volume streams of heterogeneous data.

As a Lead Platform Security Engineer, you'll provide robust, elegant, maintainable frameworks that provide security for Sumologic's platform. This is a highly distributed, fault tolerant, multi-tenant platform written in Scala running in the AWS cloud, that includes bleeding edge components related to storage, messaging, search, and analytics. The platform security team is responsible for authorization, authentication, and security of our APIs, applications, content and configuration of our users without sacrificing quality, performance, scalability, and reliability of the system.

Responsibilities:

* Work with product development teams to ensure robust, secure service posture from design over implementation to operation of Sumo Logic applications and cloud services.
* Design and develop the federated multi-tenancy authentication and authorization model used across all our solutions to enable the complex security needs of our customers
* Analyze and improve the efficiency, scalability, and reliability of our platform security components.
* Review and prioritize platform security findings and provide hands-on security engineering expertise across a wide variety of technology platforms, assessing risk, crafting fixes, and implementing them in partnership with our dev and QE staff.
* Assist in handling platform security incidents and work with our software security response team.
* Write robust code; demonstrate its robustness through automated tests.
* Work as a member of a team, helping the team respond quickly and effectively to business needs.

Requirements:

* B.S., M.S., or Ph.D. in Computer Sciences or related discipline
* 7+ years of industry experience with a proven track record of ownership and delivery
* Experience with SSO (Single-Sign-On) technologies including SAML and federation of identities (IdP initiated and SP initiated), multi-factor authentication
* Experience with authentication protocols, Identity and Access Management, Access Control, Secure Software Development, Cloud Security, OAuth, etc…
* Information Security expertise in cloud security architectures, designs, and engineering using technologies, solutions, or frameworks inclusive of OWASP, SIEMs, firewalls, etc...
* Familiarity with authentication and authorization concepts and technologies for federated multi-tenant SaaS and web applications.
* Object-oriented programming experience, for example in Java, Scala, Ruby, or C++.
* Understand performance characteristics of commonly used data structures (maps, lists, trees, etc).
* Desire to learn Scala, an up-and-coming JVM language (scala-lang.org).

Desirable:

* Experience in multi-tenant and/or 24x7 commercial service is highly desirable.
* Experience designing/building scalable REST API's for distributed microservices.
* Experience with AWS environments and services will be big plus (e.g. EC2, ELB, SQS, KMS, Cloudwatch, etc)
* Happy working with Unix (Linux, OS X).
* Agile software development experience (test-driven development, iterative and incremental development) is a plus.

Apply online at https://www.sumologic.com/company/careers/