Key skills
AWSAzureCloudKubernetesLinuxPythonSQLGoServerlessEKSAKSCloud Security
About this role
Role Overview
- Build and operate Tanium Cloud's detection and response engineering in Azure, AWS, and Kubernetes for detections, analysis, and responses as automation as code using DevOps methodologies
- Continuously evaluate and enhance the design and effectiveness of Cloud and Kubernetes security measures and establish an ongoing program to advance security and close gaps in our defensive posture.
- Proactively characterize unauthorized activity and malicious behaviors in our cloud and container infrastructure and systems through code, testing, and automation
- Develop tailored detection policies, perform testing, and implement automation to observe, evaluate, enhance, and review security information using SecDataOps and best practices.
- Proactively integrate the latest security threats, vulnerabilities, and industry trends to enhance security detection measures and generate intelligence driven hunts.
- Work together with the engineering, IT, and other security groups to create solutions that are expandable and adaptable to protect Tanium Cloud against threats ranging from low-level actors to national cyber-threat agents.
- Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
- Be on periodic on-call for triage of critical events from detections and systems
Requirements
- Bachelor's degree or equivalent experience
- Cloud Security, IT Security, or related technical field preferred
- 5-7 years of experience in cloud security event prevention, detection, response for public cloud systems (e.g. AWS, Azure) within a DevOps environment
- 3+ years of hands-on experience in Kubernetes environment, logging, and runtime security for sensitive container workloads, preferably on AKS and EKS
- Experience in detection and response engineering methodologies, such as building detection cases, proactively identify known and unknown cyber threats, advisory behaviors
- Experience in using security query or analytic tools for security data analysis, such as SQL, KQL, or SPL
- Build and improve security playbooks and runbooks for automating security detection and response
- Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) against Kubernetes, Container, Serverless, Linux host, and Cloud services (e.g. MITRE ATT&CK, building threat intelligence, etc.)
- Experience with security events and incident management in highly regulated hosting environments (e.g. ISO 27001, NIST SP 800-161r3, FedRAMP, Protected B)
- Experience using high-level programming languages (Go, Python) to produce detection-as-code, tools, and automations
Tech Stack
- AWS
- Azure
- Cloud
- Kubernetes
- Linux
- Python
- SQL
- Go
Benefits
- Health insurance
- Paid time off
- Professional development opportunities
- Volunteer time off (VTO)
- Flexible work arrangements