Senior Cloud Security Engineer

Summary

Join Form3's team of defensive security engineers to build and run security controls for multi-cloud payment systems. You will advise engineering teams on security features and prioritize defensive controls. Essential requirements include extensive Linux command-line experience, Kubernetes security expertise, public cloud security knowledge, and a strong understanding of security practices and tradeoffs. Desirable qualifications include offensive security experience, experience with multiple cloud environments, and familiarity with Form3's tech stack (Golang and Terraform). The role involves on-call responsibilities and requires strong communication and presentation skills. Form3 is a remote-first organization with various hiring locations.

Requirements

• Live on the linux command line
• Your current research and experience back up your opinionated views on security practices and tradeoffs, which you love to openly debate and willingly share
• You’re sought after for your Kubernetes security expertise and have developed complex heavily customised multi-cluser environments
• Your security expertise extends to at least one public cloud, including essential security features and long-term security hardening practices
• You appreciate building systems with good engineering practices and may have a background in software engineering at scale
• You’re open to being a part of our on-call rota, ready to respond if we have a severe, platform-impacting security tooling failure or need second-line security incident response assistance

Responsibilities

• Build and run defensive security controls for highly-available multi-cloud payment systems running the latest technology
• Understand current threats, exploitation paths and risk tradeoffs in order to advise engineering teams on beneficial security features as well as prioritise management of defensive controls

Preferred Qualifications

• You have an interest in offensive security, potentially including participation in CTFs and past experience as a red team operator or pen tester
• You’ve developed security configurations in multiple public and private clouds
• You’re a confident presenter and have accelerated appreciation of security across engineering teams
• You regularly support building and analysis of threat models using a well defined process
• You have experience securing data centers and networking devices
• You’re terrified by supply chain and CI/CD security, but have good patterns for reducing the risks
• Your engineering experiences matches Form3’s tech stack – including Golang and Terraform