At CloudFlare, we have our eyes set on an ambitious goal -- to build a better web. We believe that with our talented team, smart technology and engaged users we can solve some of the biggest problems on the web. We already serve more web traffic than Twitter, Bing, Wikipedia, Amazon, Apple and Instagram combined. Anytime we push a line of code, it affects over 200 million web surfers overnight. We are still a small team, well-funded, growing quickly and focused on building a world-class company.
Here at CloudFlare we have one of the most sophisticated, fast paced engineering environments you will ever come across. From broad usage of Docker containerization through to highly available ultra-secure build tools it isn't an environment for the faint of heart. We are looking for an Infrastructure Security person who wants to work with cutting edge technologies to solve security problems at massive scale. The ideal candidate will be a hacker/problem solver who understands what it takes to build highly secure development environments at scale.
We are looking for an Infrastructure Security Engineer to join our team. The ideal candidate can think both tactically in dealing with security incidents and strategically in anticipating future threats against our infrastructure.
This position will also have the opportunity to engage across the CloudFlare organization in support of ongoing initiatives, ensuring that best practices for security and risk management are embedded in project and process life cycles.
- Conduct security reviews of core infrastructure.
- Carry out network and application penetration testing and vulnerability scanning.
- Help establish and maintain corporate security best practices.
- Work with the engineering team to architect highly performant, secure automated development systems
- Work with the tools team to build secure development tools
- Work with the Network and Engineering team to maintain a consistent, secure architecture
- Interface with customers, partners, and industry peers at security conferences.
- 5+ years experience in Security Engineering
- Comfortable writing code in at least one of PHP, GO, Lua, Java (preferably more than one)
- Familiar with the challenges of processing security events at scale
- Experience in running information security programs, including but not limited to penetration testing, vulnerability scanning, red team exercises.
- Knowledge of network-based and system-level attacks and mitigation methods.
- Deep knowledge of vulnerabilities and exploits.
- Familiarity with log formats and host or network based intrusion detection systems.
- Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication and security protocols and applied cryptography.
- Strong familiarity with virtualized environments whether hypervisor based or container based and in particular knowledge of the security issues that are specific to them.
- Familiarity with build tools and automation in software engineering - such as in Continuous Integration (CI) environments
- Good understanding of high frequency build/delivery and DevOps
- Knowledge of vulnerability management using tools like Nessus
- Knowledge security SIEMs like AlienVault, SecurityCenter
- Ability to travel to the data centers positioned worldwide, within North & South America, EMEA and APAC regions
The following requirements are not mandatory but would be advantageous
- Knowledge of software defined networks
- Knowledge of docker and docker security requirements
- Familiarity with automated vulnerability analysis tools
- Familiarity with automated code review tools
We offer competitive salaries, equity, fantastic health benefits plan, a new laptop, monthly CalTrain / BART pass for commuters and the opportunity to work with a smart, motivated team where you will see your contribution daily. Our sunny offices are based in SOMA in San Francisco, CA.
Sound like somewhere you'd thrive? We'd love to hear from you. Submit your resume and a short paragraph to introduce yourself.
CloudFlare is a security company. All prospective employees will be subject to an extensive background check.
CloudFlare is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.