As our Staff Software Engineer - Platform Security Lead, you’ll provide robust, elegant, maintainable frameworks that provide security for Sumo Logic’s platform. This is a highly distributed, fault tolerant, multi-tenant platform written in Scala running in the AWS cloud, that includes bleeding edge components related to storage, messaging, search, and analytics. The Platform Security team is responsible for authorization, authentication, and security of our APIs, applications, content and configuration of our users without sacrificing quality, performance, scalability, and reliability of the system.
What you will be working on:
- Work with product development teams to ensure robust, secure service posture from design over implementation to operation of Sumo Logic applications and cloud services
- Design and develop the federated multi-tenancy authentication and authorization model used across all our solutions to enable the complex security needs of our customers
- Analyze and improve the efficiency, scalability, and reliability of our platform security components
- Review and prioritize platform security findings and provide hands-on security engineering expertise across a wide variety of technology platforms, assessing risk, crafting fixes, and implementing them in partnership with our dev and QE staff
- Assist in handling platform security incidents and work with our software security response team
- Write robust code; demonstrate its robustness through automated tests
- Work as a member of a team, helping the team respond quickly and effectively to business needs
Your experience and skills include:
- M.S. in Computer Sciences or related discipline (PhD is a plus)
- 10+ years of industry experience with a proven track record of ownership and delivery
- Experience with authentication protocols, Identity and Access Management, Access Control, Secure Software Development, Cloud Security, OAuth, etc
- Experience with SSO (Single-Sign-On) technologies including SAML and federation of identities (IdP initiated and SP initiated), multi-factor authentication
- Information Security expertise in cloud security architectures, designs, and engineering using technologies, solutions, or frameworks inclusive of OWASP, SIEMs, firewalls, etc
- Familiarity with authentication and authorization concepts and technologies for federated multi-tenant SaaS and web applications.
- Object-oriented programming experience, for example in Java, Scala, Ruby, or C++
- Understand performance characteristics of commonly used data structures (maps, lists, trees, etc)
- Desire to learn Scala, an up-and-coming JVM language (scala-lang.org)
These additional skills would be highly desirable:
- Experience in multi-tenant and/or 24x7 commercial service
- Experience designing/building scalable REST API’s for distributed microservices
- Experience with AWS environments and services will be big plus (e.g. EC2, ELB, SQS, KMS, Cloudwatch, etc)
- Happy working with Unix (Linux, OS X)
- Agile software development experience (test-driven development, iterative and incremental development) is a plus
Democratize machine data analytics through the Sumo Logic platform, bringing real-time data insights securely through the cloud.
Funding and Growth:
We have raised $345 million in funding to date, with the most recent round being May 2019. Investors include Battery Ventures, Greylock Partners, Sutter Hill Ventures, Accel Partners, Sequoia Capital, Sapphire Ventures and DFJ Growth. Our recurring revenue and customer base are growing steadily. We serve over 2,000 customers across the globe including Alaska Airlines, Anheuser Busch, Hootsuite, Hearst, Hudl, Major League Baseball, Marriott, Medidata, Sauce Labs, Samsung SmartThings, SPS Commerce, Twitter, Telstra, Toyota, Zuora and more.