Reporting to the head of security, the Security Operations Engineer will operate and refine intrusion detection, assist with vulnerability management, respond to incidents, make infrastructure changes for the team, consult with SRE and assist with audit capacity. Their primary duty is to analyze threats, enable other security engineers to build services, minimize security disruptions to other teams and keep CircleCI in compliance with its FedRAMP, SOC 2 and customer obligations. A typical day will include writing Terraform or Clojure code, examining activity logs and collaborating across multiple engineering teams on strategic initiative projects.
You'll join a highly-distributed team that’s building a paved security path so our team of more than 130 engineers can focus on their core competencies and worry less about security issues. You'll write sustainable, resilient code as part of an engineering organization that values collaboration, trust, and learning. You’ll be part of a team at the heart of CircleCI’s business responsible for build environments used by thousands of development teams every day.
What You’ll Do:
- Establish a refined culture of security observability and monitoring.
- Manage Security Team infrastructure using Terraform, Helm and Kubernetes.
- Partner with Site Reliability Engineering to solve complex operational challenges.
- Write and maintain sustainable, high-quality, high-performance code for infrastructure and security automation.
- Identify and build user-friendly tools to create a paved path for secure development and operations.
- Participate in the Security Team’s on-call incident rotation.
- Respond to bug emails submitted by security researchers and work on remediation.
- Assist Governance, Risk and Compliance as the internal subject matter expert on customer-facing and internal employee security topics.
- Backlog grooming and chipping away at technical debt.
- Build operations in a scalable manner, with effective automation and documentation.
What We're Looking For:
Process makes you feel good. Mentoring is a primary reason why you love your profession. Learning something new every day is essential to your happiness. You are compassionate and genuinely like people. You love looking at ports, audit log configurations, firewall rules and anything related to access control.
Does that sound like you? If so, here’s the experience we’re looking for:
- Security mindset.
- Strong analytical skills.
- SRE or DevOps background.
- Excellent communication skills.
- Calm under high-pressure situations.
- Experience working with Docker, Kubernetes, Terraform, Helm, AWS, and modern distributed SaaS infrastructure.
- Experience with logging and monitoring services such as Graylog, Splunk, ELK, Prometheus/Grafana and Datadog.
- At least 2 years experience with Clojure, Java, Go, or Python and willingness to learn new languages.
- At least 2 years of experience developing and operating production micro-services and distributed systems.
- Web, database, information and/or infrastructure security.
- A focus on delivering high-quality code through strong testing practices.
- Ability to manage customer demands and work with internal stakeholders to solve them.
- Demonstrated ability to lead multiple, complex projects simultaneously.
CircleCI Engineering Competency Matrix:
The Engineering Competency Matrix is our internal career growth system for engineers. This position is level E2. If you’re not sure this is you, we encourage you to apply. Find more about the matrix in this blog post.
We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. CircleCI welcomes those who are enthusiastic about learning and evolving, so however you identify and whatever your background, if this looks like a role where you could do work that excites you, we hope you’ll apply.
Work remotely with our globally distributed team!
We’re a distributed company with teammates across the world. For this role, we are hiring engineers to work remotely in The United States and through our affiliate, Continuous Labs, in the following Canadian provinces: Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland and Labrador, Nova Scotia, Ontario, Prince Edward Island and Saskatchewan.
CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster.
CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.