Acquia is the open digital experience company. We provide the world's most ambitious brands with products built around Drupal to allow them to embrace innovation and create customer moments that matter. At Acquia, we believe in the power of community and collaboration — giving our customers and partners the freedom to build tomorrow on their terms.

Headquartered in the U.S., we have been named one of North America’s fastest growing software companies by Deloitte and Inc. Magazine, rated a leader by the analyst community, named one of the Best Places to Work in India by Great Place to Work. We are Acquia. We are building for the future and we want you to be a part of it!

Senior Application Security Engineer

Does the challenge of finding security flaws in custom application code get your mind racing? Can you think like an attacker to misuse and break cloud services? Join Acquia and help improve the security of the largest sites and brands in the world, whose Drupal apps are powered by our PaaS platform and SaaS services built on top of many thousands of AWS EC2 instances.


Acquia runs one of the world's largest Platform as a Service (PaaS) offerings. Our Drupal optimized cloud runs on over 18,000 AWS instances and delivers billions of page views monthly for our clients, running some of the largest and most high-demand websites in the world. We are seeking hardworking application security engineers with a strong security mentality who are willing to take the initiative to resolve important problems across multiple products at Acquia, with a focus on our cloud hosting platform.

Our cloud engineering team utilizes a variety of programming languages and technologies to take on many exciting architecture and scalability challenges. Although we run PHP & MySQL at a substantial scale for our Drupal customers, on the backend we’re building scalable systems, automation and stack enhancements in everything from Ruby to Go, and storing data in everything from MySQL to DynamoDB.

At Acquia, we work on a variety of exciting projects ranging from running massive microservice infrastructures, to building highly available database clusters using the latest technologies, to building streaming log pipelines and ultimately being the best place in the world to run Drupal websites. We’re one of Amazon’s largest partners and run our workloads in 9 AWS regions.

Job Description:

  • Be a Security Champion in an agile SecOps team owning and operating the services you build
  • Design and develop tools that automatically deploy, maintain, and monitor LAMP-based hosting environments
  • Research, specify, and test cloud hosting architectures using your web, database, and OS knowledge
  • Debug the toughest distributed systems production issues
  • Share your expertise with customers, partners, and the open-source community via blogs, papers, talks, etc.

Job Requirements:

  • Strong software development and technical leadership skills
  • Passion for websites and website delivery architecture
  • Deep, working knowledge of LAMP stack—OS, web server, and database systems (Linux, Apache, and MySQL preferred)
  • Strong Object Oriented Programming experience with a scripting language such as Ruby, Python, PHP, etc.
  • Web security and compliance experience (e.g., Firewalls, IDS/IPS systems, DDOS prevention and PCI-DSS, HIPAA, FedRAMP, etc.)
  • Linux packages (e.g., Debian or RPM packages); RHEL and Ubuntu experience
  • Networking (e.g., TCP/IP, Routing, DNS, load balancing, HTTP caching, clustering, VPN, etc.)
  • Holistic understanding of the Internet and hosting from the network layer up through the application layer.
  • Excellent organizational and communication skills, both verbal and written
  • Cloud hosting experience (e.g., Amazon Web Services, Google Compute, Azure, etc.)
  • 3+ years of related experience (mid to senior level role)
  • BS in Computer Science or equivalent experience
  • Ability to work effectively across multiple teams and get results

Extra Credit:

  • Languages: Go, RUST, Java
  • Experience with threat modeling, especially for web application and web APIs
  • Cloud security experience (VPC, IAM, Security Groups, CloudTrail, etc.)
  • Web and web API Development (e.g., Drupal, Symfony2, ruby applications like Sinatra)
  • Configuration management (e.g., Puppet, Ansible, CloudFormation, etc.)
  • Containerization: Docker, LXC, etc.
  • Automated testing experience—Jenkins, TravisCI, unit tests, system tests, etc.
  • Kubernetes: Hands-on, working experience securing K8s deployments according to “hard multi-tenancy” guidelines and methods.

Individuals seeking employment at Acquia are considered without regard to race, color, religion, caste, creed, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. Whatever you answer will not be considered in the hiring process or thereafter.

Apply for this Job

* Required