Senior Security Engineer

Summary

Join Docker, a remote-first company experiencing exponential growth, as a Senior Security Engineer. You will be a key advisor, collaborating with engineering and product teams to integrate security into the software development lifecycle. Responsibilities include embedding security best practices, designing secure cloud configurations, establishing automated monitoring, and performing security assessments. This role requires extensive experience in security engineering, software development, and cloud security, along with strong communication skills. You will contribute to a security-conscious culture and influence product strategy. Docker offers competitive benefits, including parental leave, a technology stipend, and professional development opportunities.

Requirements

• Have at least 5+ years of experience security engineering roles, with a focus on product security, infrastructure security, ideally in a cloud-first environment
• 3+ years of experience developing in Python or Golang
• Have knowledge of secure coding principles and experience with security testing tools (SAST, DAST) within CI/CD pipelines
• Understand, authentication, authorization, including technologies like OAuth, SAML, OIDC, MFA, cryptography applications and Zero Trust principals
• Strong cloud expertise with hands-on experience in cloud ecosystems (e.g: AWS, GCP, or Azure)
• Knowledge on securing containerized environments: (Docker, Kubernetes) and implementing runtime security tools
• Previous experience evolving and enforcing policies to assist co-workers in maintaining corporate and cloud security
• Familiar with data privacy and compliance regulations (e.g, SOC 2, ISO 27xxx, GDPR, CCPA, FIPS) aligning security initiatives
• Ability to explain complex security concepts clearly to both technical and non-technical stakeholders developers, executives and non-technical stakeholders
• Have previous experience in a fast-growing startup where security processes and policies were built from the ground up

Responsibilities

• Play a pivotal role in the integration of security into our software development lifecycle, enhancing the security posture of our applications
• Embed security best practices within the Software Development Lifecycle (SDLC), including secure coding, code review, and application security testing
• Partner closely with engineering to drive security architecture and processes that implement security controls across our software and systems
• Design and enforce security configurations in cloud environments (e.g. AWS), including IAM roles, security groups, and VPC segmentation
• Establish automated monitoring and alerting to detect anomalies or potential breaches across cloud infrastructure
• Maintain cloud and infrastructure security: AWS Security Hub, AWS IAM, AWS Key Management (KMS), OPA for Terraform
• Take ownership, define strategy, and drive improvement for part so our security program such as threat modeling, secrets management, or container security
• Plan and perform product security assessments including architecture review, threat modeling, code review, pen testing and general security consulting to proactively build security controls
• Partner with detection and response to create new capabilities or respond to security events
• Work with leadership to align security initiatives with business goals, ensuring that security is a core component of product and infrastructure
• Serve as a security subject matter expert for software security and architecture
• Educate and collaborate with cross-functional teams (e.g., engineering, product) to promote security practices
• Have the ability to participate in our incident response team on-call rotation

Benefits

• Freedom & flexibility; fit your work around your life
• Home office setup; we want you comfortable while you work
• 16 weeks of paid Parental leave
• Technology stipend equivalent to $100 net/month
• PTO plan that encourages you to take time to do the things you enjoy
• Quarterly, company-wide hackathons
• Training stipend for conferences, courses and classes
• Equity; we are a growing start-up and want all employees to have a share in the success of the company
• Docker Swag
• Medical benefits, retirement and holidays vary by country