Security Engineer, Assurance

At Yugabyte, we are on a mission to build the default database for cloud native applications in a multi cloud world. We are well underway on this journey with YugabyteDB, the open source, high-performance, distributed SQL database that runs on any cloud and enables developers to get instantly productive using well-known APIs. And the best is yet to come! We are looking for talented and driven people to join us on our ambitious mission and help us build a lasting and impactful company.We are looking for a security engineer assurance who is passionate about cybersecurity and enjoys working  in a fast-paced startup environment, and who has a strong desire to learn new technologies.The Security Engineer manages the vulnerability management program and tooling, performs security assessments and leads major security initiatives: Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection. Responsibilities also include incident response and root cause analysis

Responsibilities:

• Manage security tools(Snyk, Fossa, Trivy)
• Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation 
• Monitor license violations.  
• Perform Security Assessments and Threat Modeling
• Security Incident Response. Be part of security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis 
• Drive security initiatives(Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection)
• Given our fast pace and startup nature, things change over time and your job responsibilities will too.

Requirements:

• BS/MS degree
• Web application security experience
• Familiarity with a modern SaaS infrastructure and application development
• Manual and/or automated Penetration Testing (white box, black box & gray box)
• Experience in scripting languages(BASH, Python, JS, etc) 
• Good understanding of security risk(OWASP Top 10)
• Nice-to-have: CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry recognized certifications 
• Familiarity with major security protocols 
• Collaboration, transparency and integrity

Interview Process: Health and safety remain a top priority for all of our roles. As such, all Yugabyte interviews are held virtually, so we can all continue doing our part with social distancing and containment efforts. Although we are based in Silicon Valley, we hire exceptional folks wherever they are! Our process usually lasts 2-3 weeks, and consists of a phone screen, Zoom interviews including senior leaders.Our Benefits: Remote workCompetitive SalaryFull Health BenefitsMonthly Wellness ReimbursementInternet and Phone ReimbursementHome Office Setup ReimbursementEqual Employment Opportunity Statement:As an equal opportunity employer, Yugabyte is committed to a diverse workforce. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, genetic information or characteristic, gender identity and expression, veteran status, or other non-job related characteristics or other prohibited grounds specified in applicable federal, state and local laws.#LI-Remote