Desired Skills and Experience
- Conduct operations security reviews including Detection and Response, Identity and Access Management, Network Security, and Systems Security.
- Create threat models, test plans, policy and procedures ensuring security is front and center for services hosted on public cloud infrastructure like AWS.
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Find and fix security and privacy flaws across the cloud infrastructure.
- Monitor and track progress of found security issues and maintain the history.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity.
- Work with Pure’s Information Security team to correlate Pure1 logs with internal security events, where applicable.
- Develop tools to automate security testing and enable more efficient discovery and resolution of operations security problems.
- Respond to cloud operations security incidents and provide postmortem analysis to illuminate the issue and identify causes, possible solutions, and preventative measures.
- Maintain awareness of up-to-date threat and vulnerability profiles.
- Develop a protocol to assess reports of infrastructure vulnerabilities received from external sources.
- Develop a protocol to inform Pure’s customer base of vulnerabilities within the platform.
- Help define and evolve company-wide online security standards/procedures for large SaaS environments.
- Strong knowledge of cloud computing stacks: SaaS, PaaS, IaaS
- Strong knowledge of AWS, with a security mindset, is critical to success in this role.
- In-depth knowledge of VPCs, ELB, Security Groups, IAM and ACLs
- Experience with SIEM products
- Experience in DevOps environments and maintaining security in CI/CD processes
- Experience with regulatory compliance audits and standards such as SOC 1 and 2, and ISO 27001
- Expertise in AWS CLI, Java and/or Python
- Good understanding of the SaaS development and deployment process and agile software development methodologies.
- Ability to talk to developers in their language/lingo and arrive at solutions that address security in a less impactful way
- Flexible vacation - take time off when you need it
- Exceptional medical benefits with 100% employer paid premiums
- Commuter benefits for public transit and bicycle commuters
- A stipend, reissued every 3 years, to buy whatever workplace tools (computer, screens, wireless headphones, desks, chairs, etc) you like
- Free lunches, dinners, and fully stocked snacks & beverages
- Lounge areas with ping pong, foosball, pinball, and arcade games
- Company ski trips, boat parties, BBQs, happy hours, game nights… just to name a few!