At CloudFlare, we have our eyes set on an ambitious goal -- to build a better web. We believe that with our talented team, smart technology and engaged users we can solve some of the biggest problems on the web. We already serve more web traffic than Twitter, Bing, Wikipedia, Amazon, Apple and Instagram combined. Anytime we push a line of code, it affects over 200 million web surfers overnight. We are still a small team, well-funded, growing quickly and focused on building a world-class company.
Here at CloudFlare we have one of the most sophisticated, fast paced engineering environments you will ever come across. From broad usage of Docker containerization through to highly available ultra-secure build tools it isn't an environment for the faint of heart. We are looking for an Infrastructure Security Manager who wants to lead a team that works to secure the most cutting edge technologies to help us solve security problems at massive scale.
We are looking for an Infrastructure Security Manager to lead our infrastructure security team. The ideal candidate can think both tactically in dealing with security incidents and strategically in anticipating future threats against our infrastructure.
This position will need to engage across the CloudFlare organization in support of ongoing initiatives, ensuring that best practices for security and risk management are embedded in project and process life cycles. So the ability to communicate, mentor and guide engineers will be a critical in order to be successful.
- Own infrastructure security across the business
- Lead security reviews of core infrastructure and services globally.
- Lead the team responsible for network and application penetration testing and vulnerability scanning.
- Responsible for establishing and maintaining security architecture best practices.
- Responsible for managing vulnerability disclosure program.
- Work with engineering teams to architect highly performant, secure automated development systems
- Work with the Network and Engineering team to maintain a consistent, secure architecture
- Own and maintain our security monitoring architecture
- Interfaces with customers, partners, and industry peers at security conferences.
- 5+ years experience in Security Engineering
- Good communication and leadership skills.
- Comfortable writing code in at least one of PHP, GO, Lua, Java
- Familiar with security architecture best practice and current industry recommendations.
- Familiar with the challenges of processing security events at scale
- Experience in running information security programs, including but not limited to penetration testing, vulnerability scanning, red team exercises.
- Knowledge of network-based and system-level attacks and mitigation methods.
- Deep knowledge of vulnerabilities and exploits.
- Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication and security protocols and applied cryptography.
- Strong familiarity with virtualized environments whether hypervisor based or container based and in particular knowledge of the security issues that are specific to them.
- Good understanding of high frequency build/delivery and DevOps
- Knowledge of vulnerability management using tools like Nessus
- Knowledge security SIEMs like AlienVault, SecurityCenter etc
- Ability to travel to the data centers positioned worldwide, within North & South America, EMEA and APAC regions
The following requirements are not mandatory but would be advantageous
- Knowledge of software defined networks
- Knowledge of docker, kubernetes and relevant security requirements
- Familiarity with automated vulnerability analysis tools
- Familiarity with automated code review tools
- Some knowledge of common compliance requirements
We offer competitive salaries, equity, fantastic health benefits plan, a new laptop, monthly CalTrain / BART pass for commuters and the opportunity to work with a smart, motivated team where you will see your contribution daily. Our sunny offices are based in SOMA in San Francisco, CA.
Sound like somewhere you'd thrive? We'd love to hear from you. Submit your resume and a short paragraph to introduce yourself.
CloudFlare is a security company. All prospective employees will be subject to an extensive background check.
CloudFlare is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.