Snowflake is growing fast and we’re scaling our team to help enable and accelerate our growth. We’re passionate about our people, our customers, our values and our culture! We’re also looking for people with a growth mindset and the pragmatic insight to solve for today while building for the future. And as a Snowflake employee, you will be accountable for supporting and enabling diversity and belonging.
Snowflake started with a clear vision: make modern data warehousing effective, affordable, and accessible to all data users. Because traditional on-premises and cloud solutions struggle with this, Snowflake developed an innovative product with a new built-for-the-cloud architecture that combines the power of data warehousing, the flexibility of big data platforms, and the elasticity of the cloud at a fraction of the cost of traditional solutions. Snowflake: Your data, no limits.
Our Cloud Engineering team is actively seeing a Senior Software Security Engineer to join our growing team. In this role you will assist in developing enterprise cryptographic strategy, integrating, supporting and administration of technologies. You will play an integral role in enabling our organization to establish effective protection against security threats.
Acting as a security mentor to our engineering team, your responsibilities will include designing and implementing secure systems while proactively identifying and fixing security flaws/vulnerabilities. You will utilize your industry experience owning and driving the resolution of complex security incidents, policy questions, technical security issues, implementing security controls, audits, and monitoring systems.
Reporting to the Director of Security Operations, you will have the opportunity to work with Snowflake’s bleeding edge technology and gain experience with AWS/Azure and GCP.
This is a lead individual contributor role with potential to grow into management.
In this role you will get to:
Assist in developing enterprise cryptographic strategy, integrating, supporting and administration of technologies. Including subject matter expertise, around secrets management, PKI, Cloud, and modern cryptographic protocols/constructs and key management
Implement a capability driven and highly automated approach to our security operations, monitoring & detection, incident response capabilities, and our overall information security risk management program efforts
Enhance our security policy, clearly defining the scope of protection and outlines the responsibilities of all relevant parties
Manage and enhance PKI infrastructure, HSM, Key management and data replication management.
Automate operational activities that are part of the maintaining security infrastructure
Set up monitoring dashboards, alerts, log management, and other security operations capabilities by utilizing industry-standard tools and platforms (SIEMs) alongside our currently deployed toolsets/platforms.
Facilitate and embed security controls across our infrastructure and into our CI/CD pipelines
Collaborate with cross functional teams including software engineers to design security systems and solutions that enable developers to operate their services more effectively, securely and safely
On day one we will expect you to have:
15 years of hands on cloud security operations experience with a deep understanding of various technologies in the security domain
Experience with and proven methods for managing the information security incident lifecycle, including incident response, mitigation, after-action reporting, and mapping a path forward.
Programming expertise in Python/Perl/Go required
Hands on experience with Vault by Hashicorp
Proven ability to independently identify and resolve critical and complex issues through effective problem-solving skills
Deep understanding of PKI/PKCS, and cryptographic tools and techniques, including but not limited to RSA, AES, ECC algorithms, hashing algorithms, public/private key encryption, internal PKI design and management, HSM applied use and integrations
Understanding of information security architecture, mitigation of threats, and compensating controls. Deep familiarity with frameworks such as NIST 800-53, ISO 27001
Ability to combine information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risks
Master’s degree in computer science/Computer Engineering /Cyber security preferred
Snowflake is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, color, gender identity or expression, marital status, national origin, disability, protected veteran status, race, religion, pregnancy, sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.