Senior CCS Security Engineer

Summary

Join Tanium as a Senior Cloud Cybersecurity (CCS) Security Engineer (IAM) and collaborate with engineers to build, operate, and defend Tanium Cloud's Identity and Access Management (IAM) across AWS, Azure, and Kubernetes. You will design, implement, and operate preventative and detective controls to mitigate risks and threats. Responsibilities include building and operating IAM infrastructure-as-code, designing security strategies, enhancing IAM security measures, characterizing unauthorized activity, developing IAM detections and policies, staying updated on IAM security threats, and building relationships with internal customers. The role requires a Bachelor's degree or equivalent experience, significant experience in cloud security and IAM, and hands-on experience with various technologies and tools. Tanium offers a competitive salary, equity awards, and a comprehensive benefits package.

Requirements

• Bachelor's degree or equivalent experience
• 5-7 years of experience in cloud security prevention, detection, response for public cloud systems (e.g. AWS, Azure) within a DevOps environment
• 5+ years of experience in building and operating cloud-based Identity and Access Management with AWS and Azure as code, including cloud organizations, account, identity, access secrets, role, and policy management for both humans and machines
• 3+ years of hands-on experience in securing identity and access controls for cloud-hosted Kubernetes clusters and their workloads (i.e. custom RBAC roles, workload identities, Open Policy, Operator Framework, Service Meshes, Hierarchical Namespaces ) with K8 service teams, preferably on AKS and EKS
• Explicit hands-on experience using infrastructure-as-code (i.e. Terraform, CloudFormation, ARM) to manage cloud IAM service configurations, such as Azure Entra ID, Azure MyApps, Azure Policies, AWS Organizations, and AWS Organizations Service Control Policies (SCP)
• Familiar with SAML2, OAuth2, and OIDC for Single Sign On (SSO) with federated identity access brokers (i.e. MyApps, Cognito, KeyCloak) for internal and external customer use
• Experience in detection engineering methodologies, such as building detection cases, proactively identify known and unknown cyber threats, advisory behavior
• Experience in using security query or analytic tools for security data analysis, such as SQL, KQL, or SPL, to enable SecDataOps
• Build and improve IAM security playbooks and runbooks for automating security detection and response
• Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) against cloud provider, Kubernetes, and open source IAM services (e.g. MITRE ATT&CK, building threat intelligence, etc.)
• Prior experience implementing and tailoring identity, authentication, and authorization security controls from ISO 27001, SOC 2, or NIST SP 800-53 security control frameworks for confidential workloads
• Utilize robust analytical and problem-solving capabilities to confirm our hypotheses using precise data and in-depth root cause investigation
• Experience using high-level programming languages (Go, Python) to produce detection-as-code, tools, and automations
• Experience managing cloud infrastructure as infrastructure-as-code (e.g. Terraform, CloudFormation, ARM, Pulumi, Helm)
• Deliver high quality PRs daily using modern software engineering development and automation tools like Git and CI/CD pipelines (i.e. Jenkins, GitHub Actions)
• Deliver quality and velocity of contributions using DevOps principles
• Relentless desire to automate the mundane to focus on solving the harder problems
• Experienced engineer who can put out fires under pressure when things go wrong in production environments and address the root causes of those fires for the future
• Has knowledge of a variety of modern backend software frameworks and the versatility to learn new tools and languages

Responsibilities

• Build and operate Tanium Cloud's Identity and Access Management (IAM) in Azure, AWS, and Kubernetes as infrastructure-as-code and policy-as-code using DevOps methodologies for multiple CCS owned cloud environments
• Design and implement our security strategy and controls with Security and Software Engineering teams for just-in-time and just-enough access for human and machine identities with Tanium Cloud services and cloud resources
• Continuously evaluate and enhance the design and effectiveness of IAM security measures and establish an ongoing program to advance our IAM security and close gaps in our defensive posture
• Proactively characterize unauthorized activity and malicious behaviors against our Tanium Cloud internal and external IAM services with Detection Engineers
• Develop tailored IAM detections and enforcement policies, perform testing, and implement automation to monitor, assess, and audit security information using SecDataOps and detection engineering best practices
• Stay up to date with the latest IAM security threats, vulnerabilities, and industry trends to proactively enhance security prevention and detection measures
• Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
• Be on periodic on-call for triage of critical alerts from detections and systems

Preferred Qualifications

Cloud Security, IT Security, or related technical field preferred

Benefits

• Medical, dental and vision plan
• Family planning benefits
• Health savings account
• Flexible spending account
• Transportation savings account
• 401(k) retirement savings plan with company match
• Life, accident and disability coverage
• Business travel accident insurance
• Employee assistance programs
• Disability insurance
• Other well-being benefits
• Equity awards
• 5 days set aside as volunteer time off (VTO)