Principal Linux Systems Security Engineer
Redwood City, CA

Job Description

This is an exciting time for Shutterfly. In this position you will be an integral part of a developing and expanding Shutterfly's security program, specializing in linux systems. This is a vital role that provides assurance for Shutterfly's critical systems and securely enables business functions broadly across the company. Your focus will be on establishing systems security standards, developing and delivering automation and orchestration solutions to support systems security standards enterprise wide. Primary day-to-day responsibilities will include making changes to various systems to improve overall security posture, designing and building integrations and automation technologies, advising internal infrastructure teams on security best practices and closely coordinating with information security on overall project roadmap items.

We're looking for a person who is just as passionate about fixing a security issue as you are about educating other team members on how to fix it.

Your primary duties and responsibilities will include:

* Design and build security tools and processes for integration and deployment to linux systems across the enterprise
* Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
* Design, implement and support cloud-based systems security solutions for both public and private cloud infrastructures
* Research and development of modern/next-gen systems security toolsets to augment existing controls
* Design and build hardened configuration requirements for Linux and work with multiple teams to help implement suggested solutions.
* Review and analyze existing processes and suggest improvements for increased security, including operationalization of process and standards improvements
* Conduct security research to keep abreast of latest security issues and help communicate and respond internally to mitigate any identified vulnerabilities

QUALIFICATIONS:

Minimum Qualifications:

* 6-8 years working within Information Technology and 4-6 years specifically in Linux Security engineering.
* Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
* Must have understanding of various systems technologies, operating systems, architecture fundamentals, next-generation technology and very strong security understanding
* Demonstrated oral/written communications, and client facing skills

Preferred Qualifications:

* Experience in deploying and maintaining security controls within various public cloud environments (AWS, Azure, Google)
* Experience in deploying and maintaining security controls within on-premises data centers and physical server infrastructures.
* Experience developing automation solutions in scripting/programming languages such as Perl and Unix shell such as Bash (Python a plus)
* Experience with Splunk, RASP technologies, Endpoint security software, and other advanced security and system security tools
* Familiarity with different styles of source control, automation technologies (such as Puppet, Ansible, Terraform and Cloudformation) and CI/CD pipelines
* Experience deploying security agent software for Linux systems and other enterprise technologies
* Proficient in documenting and building detailed systems security diagrams and related documentation
* Understanding of various architectural frameworks and controls (CIS 20, NIST, etc.)
* Understand information security concepts, protocols, "industry best practices"
* Ability to translate infrastructure technologies such as network, database, server issues into risks for threat assessment and monitoring.
* Experience performing systems security analysis, baselining, hardening, and automation across a large diverse set of systems.
* 3-5 years of secure systems design responsibility including practical experience with system security compliance requirements (PCI, SOX, HIPAA, etc.) in a high-volume e-commerce or enterprise environment
* GCUX, CISSP, GSEC, or similar security / unix professional certification

#LI-KM2