Cloud Cybersecurity Engineer (CCS)

The Basics

The Cloud Cybersecurity Engineer (K8) will collaborate with Detection, Security, and Software Engineers to actively oversee and constantly evaluate and enhance the cybersecurity of Tanium Cloud's services operating on Kubernetes. You will be an integral part of the Tanium Cloud security engineering processes, responsible for the design, implementation, and operation of preventative and detective security controls to identify, assess, and counter risks and threats before impacting Tanium Cloud.   
 

What you'll do

• Establish Tanium Cloud's Kubernetes Continuous Monitoring on both Azure and AWS to apply custom security standards and controls with DevOps practices.
• Consistently review and improve the Kubernetes security baseline design and performance via coding, testing processes, and automation.
• Create a sustained initiative to identify, evaluate, and detail exploitable configurations, vulnerabilities, and potential risks within our cloud and container builds and systems using SecDataOps.
• Stay up-to-date with the latest security threats, vulnerabilities, and industry trends to proactively enhance security detection measures.
• Work alongside engineering, IT, and security teams to create and enhance our security standards with solutions that are both scalable and adaptable.
• Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work.
• Be on periodic on-call for triage of critical alerts from detections and systems.

We’re looking for someone with

• Education
  • Bachelor's degree or equivalent experience in DevSecOps, CyberSecurity, or related technical field preferred 

• Cloud Security Engineering Experience:
• • 3-5 years of experience implementing security baselines and performing ongoing assessments of security controls for public cloud systems (e.g. AWS, Azure) within a DevOps environment.
  • 3+ years of hands-on experience in building tailored security controls, policies, baselines, and vulnerability assessments for Kubernetes environments for customer-facing, sensitive container workloads, preferably on AKS and EKS.
  • Reducing common and unique Kubernetes and container vulnerabilities, such as misconfigurations, insecure container runtimes, and supply chain attacks with engineering and security teams.
  • Develop and build custom hardened base images for Docker and cloud as part of secure supply chain with CI/CD tooling.
  • Understand the difference between a CVSS base scoring and custom scoring to prioritize exploitable vulnerability patching and mitigations with engineering teams.
  • Experience in using security query or analytic tools for security data analysis, such as SQL, KQL, or SPL.
  • Experience with …