Security Engineer - Product & Application Security

Summary

Join PagerDuty as a Staff Security Engineer 5 and lead the design, implementation, and configuration of security controls for SaaS applications in a cloud-based infrastructure. Collaborate with engineering teams to identify and mitigate security threats and vulnerabilities. Partner with various departments to foster a security-aware culture. Mentor junior engineers and stay ahead of industry trends. This role requires 7+ years of infrastructure security experience and 5+ years of cloud-native security experience. The ideal candidate will possess expertise in various security technologies and possess excellent communication skills.

Requirements

• 7+ years of experience in infrastructure securing infrastructure, securing infrastructure including IaaS, PaaS, SaaS, including network security
• 5+ years experience with cloud-native security experience, cloud-native based application security best practices
• Experience with Linux operating systems, scripting languages such as Python, configuration languages like YAML, JSON and technologies such as Terraform and/or Cloudformation, configuration tools such as Chef or Ansible
• Experience with AWS cloud security best practices, and AWS security technologies such as AWS IAM, AWS Organizations, AWS Shield, AWS GuardDuty
• Excellent written and verbal communication skills
• The ability to compress intricate security challenges into concise descriptions
• The ability to solve security problems without saying "No"
• You have a track record of stepping up and leading successful security engineering projects
• Past experience with application security, security testing, code reviews and identity and access management
• Past experience with threat analysis, threat hunting, proactive security practices
• Prior experience with Application Security, Secure SDL for cloud native services
• Experience with containerized applications, and technologies, such as Docker and Kubernetes
• Experience working in a continuous delivery/continuous deployment environment

Responsibilities

• Responsible for leading, designing, implementing, and configuring security controls for SaaS applications in a cloud-based infrastructure environment
• Lead complex projects that require in-depth knowledge across technical, solutions, and business, and collaborate across the broader engineering organization
• Identify threats and vulnerabilities, security gaps, and recommend enhancements and changes to increase product and infrastructure security posture
• Support security operations to provide the protection of the confidentiality, availability, and integrity of customer data and building/maintaining customer trust
• Partner with product/engineering, corporate operations, and employees to build and maintain a security-aware culture where everyone understands and plays their part
• Provide thought leadership on modern security operations and help lead our infrastructure security organization in creating trust through security
• Participating in our team’s on-call rotation, triaging and addressing security issues as they arise
• Mentor and grow application security engineers

Preferred Qualifications

Certifications such as AWS Security Speciality, (ISC)2 Certified Cloud Security Professional (CCSP), (ISC)2 CISSP (Certified Information Systems Security Professional)

Benefits

• Competitive salary
• Comprehensive benefits package from day one
• Flexible work arrangements
• Company equity*
• ESPP (Employee Stock Purchase Program)*
• Retirement or pension plan*
• Generous paid vacation time
• Paid holidays and sick leave
• Dutonian Wellness Days & HibernationDuty - companywide paid days off in addition to PTO
• Paid parental leave: 22 weeks for pregnant parent, 12 weeks for non-pregnant parent (some countries have longer leave standards and we comply with local laws)*
• Paid volunteer time off: 20 hours per year
• Company-wide hack weeks
• Mental wellness programs