JOB DETAIL

Responsibilities:

•  Use appropriate programming language and technology, writes code, completes programming and documentation, performs testing and debugging of applications for the enterprise.
•  Deliver and maintain cloud native data protection and security products that span on-prem, and major cloud providers and platforms (i.e. AWS, Azure, Google, Digital Ocean, Rancher, OpenShift )
•  Develop products that would be of value in public/private cloud services, Infrastructure as Code, DevSecOps toolsets, and platforms including compute, storage, networking, containers, monitoring/logging, and Continuous Integration/Continuous Deployment (CI/CD)
• Research cloud native security industry, best practices, and tools Qualifications:
• GoLang programming related must-have qualifications: o Strong knowledge of Go programming language paradigms, constructs, and idioms o Knowledge of common Goroutine, Channel patterns and implementation of General Design patterns/anti-paterns in Go. o Dependency management tools such as Go mod o Development expertise in building and consuming web services using REST/JSON/Arvo/gRPC/Protobuf o Experience writing Unit tests and ability to debug programs in Go
•  Cloud Native Security experience o Experience with securing container deployments, Kubernetes, managed Kubernetes PaaS services, Agile environments, and DevOps environments preferred o 2-4 years of experience securing cloud deployments on common platforms like Microsoft Azure, Amazon Web Services, or Google Cloud Platform preferred o Experience with of Automation frameworks, DevSecOps best practices, etc. o Knowledge of application security concepts, static/dynamic security analysis, software composition analysis, secrets management, WAF, RASP and related tools. o Security features in cloud providers (e.g, Azure AWS, etc.) o Security penetration testing and auditing using security-related tooling
• Basic understanding with network security and networking technologies and with system, security, and network monitoring tools ? Some experience building applications running in Kubernetes environment. ? Systems Programming on Linux Nice to have:
• Some experience with Vulnerability Assessment tools (Nexpose, Nessus, Burp) desired
•  Understanding of OWASP top 10 – vulnerabilities and how to defend against these attacked
•  Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc) preferred. ? Performs Network and Web Application Penetration testing ? Proficient with Qualys, Nessus, Metasploit, Armitage, Kali Linux, and other security tools
•  Industry standards-based documentation, certification, and accreditation such as NIST SP 800-53, FIPS 140-2/3, and Security Technical Implement Guides (STIGs) and bringing components into compliance with these standards
• Familiarity of regulatory requirements (i.e., PCI, HIPAA, GLBA, SOX) and security frameworks (e.g.,NIST 800-53, OWASP, CSA cloud control matrix, MITRE etc.)
• Relevant security certifications such as OSCP, ISC2 CISSP, SANS, CEH, etc. are a major plu