Member of Technical Staff - Cloud Security

This role focuses on implementing modern DevSecOps technologies and pioneering new security tools, processes, and capabilities for cloud-native solutions. The candidate will secure OnPrem and Public Cloud environments using Infrastructure as Code, establish security policies for Docker, Kubernetes, and Public Cloud Platforms, and automate application security by embedding SAST, DAST, API Security, and Penetration Testing into the development workflow. This involves accelerating container security, driving vulnerability management, and maintaining secure integrations between various development tools.

Must Have

• Secure OnPrem and Public Cloud environments leveraging IAC.
• Establish and implement security policies for Docker, K8s, and Public Cloud Platforms.
• Implement and automate Application Security policies (SAST, DAST, API Security, Penetration Testing).
• Accelerate container security with pipeline development.
• Drive vulnerability management and remediation with product teams.
• Manage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA.
• Implement solutions for event log collection and SIEM.

Good to Have

• Security penetration testing & threat modelling.
• Secrets Management leveraging Hashicorp Vault.

Perks & Benefits

• Global Great Place to Work certification
• Top Workplace for ten consecutive years
• Unique culture based on growth mindset, customer-focus, and diversity, equity, inclusion & belonging
• Bonus
• Reasonable accommodation for applicants and employees

Description

Position at Wind River

Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.

Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world. Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We’ve achieved recent 5G milestones including the world’s first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone.

The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world.

YOUR ROLE

As a Member of Technical Staff on our team, you’ll focused on implementing modern DevSecOps technologies, pioneering new security tools, processes and capabilities for cloud-native solutions.

The candidate must have experience in securing cloud-native development environments and be a highly adaptable team player who can quickly ramp up on new technologies and accomplish goals in a fast-paced agile environment. A combination of strong technical and communication skills is a must, along with an unbounded desire to learn new technologies and their application.

In your daily job you will:

• Secure OnPrem and Public Cloud environments leveraging IAC
• Establish, implement security policies for Docker, K8s and Public Cloud Platforms
• Implement and automate Application Security policies by embedding SAST, DAST, API Security and Penetration Testing in the product development workflow
• Accelerate container security with pipeline development
• Drive vulnerability management and remediation in partnership with various product teams
• Manage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA, and many more.
• Implement solutions for event log collection and SIEM.

HOW YOU WILL CONTRIBUTE

Key skills and competencies for succeeding in this role are:

• Expertise in cybersecurity principles with a desire to increase knowledge and strong analytical skills.
• Experience in Architecting security features on cloud providers (Azure AWS, GCP etc.), On Prem and Hybrid environments.
• Hands-on experience using tools like Coverity, BurpSuite, ZAP, Trivy, PRISMA Cloud, Tenable, Rapid7 etc.
• Working experience designing and implementing Application, network, back-end security-enhancing features
• Deep knowledge of vulnerability management, remediation, and troubleshooting skills
• Security penetration testing & threat modelling would be a plus.
• Industry standards-based documentation, certification, and accreditation such as NIST SP 800-53, NIST 800-171, FEDRAMP, and Security Technical Implement Guides (STIGs) and bringing components into compliance with these standards
• Strong foundation of DevSecOps principles, Infrastructure as Code including Terraform and Helm

,Container and Cluster hardening

• Excellent programming skills using Python, Go etc.
• Proficiency in pipeline automation leveraging Gitlab, Jenkins, Jira etc.
• Secrets Management leveraging Hashicorp Vault is a plus
• Experience with Agile and Scrum
• Self-managed, fast learner, and strong problem-solving skills.
• Excellent verbal and written communication skills and a good listener.
• Exceptional team player who works well in collaborative situations.
• Ability to brainstorm and represent competing ideas simultaneously.
• Growth mindset who is passionate about learning and applying new technologies.
• 8+ years of relevant technical experience in cybersecurity with 2+ years of experience in software engineering.
• BE / MTech degree (Computer Science, Electronics Engineering, or equivalent technical degree)

SECURITY CLEARANCE REQUIREMENTS

Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. In particular, candidates with certain citizenship may not be able to perform such fundamental job duties. Currently, this includes citizens of the following countries: Belarus; Burma; China; Cuba; Iran; North Korea; Syria; Venezuela; Afghanistan; Cambodia; Central African Republic; Cyprus; Democratic Republic of Congo; Ethiopia; Eritrea; Haiti; Iraq; Lebanon; Libya; Russia; Somalia; South Sudan; Sudan; Zimbabwe. The security clearance process may take a significant amount of time to complete, and any offer of employment will be contingent on the candidate's legal ability to perform the fundamental job duties. Wind River is committed to meeting its obligations to candidates under applicable human rights law and privacy law in this regard.

Compensation

The annual base salary range for this role’s listed grade level is currently $150,000 to $206,200 plus a bonus . Salary ranges are determined through interviews and a review of the education, experience, knowledge, skills, location, and abilities of the applicant, and equity with other team members.

• * *

Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Diversity is foundational for Wind River’s business success. We want to be a workplace of choice for all people and we value the unique perspectives offered by a diverse workforce. Wind River does not unlawfully discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity or expression, national origin, citizenship, disability, protected veteran status, age, ancestry, medical condition, genetic information, marital status, pregnancy, or any other legally protected status. This principle applies to all areas of employment: recruitment and hiring, training, performance evaluations, promotions and transfers, compensation and benefits, and social and recreational programs.

Wind River desires to be an employer of choice with an inclusive environment for all individuals. As part of this goal and in compliance with various laws and regulations, Wind River provides reasonable accommodation to applicants and employees. Requests for reasonable accommodation for applicants and employees are examined on a case-by-case basis. Please let us know if you need a reasonable accommodation for any part of the application, interviewing, hiring or at any other time during the employment process. You can email us at: benefits@windriver.com

. Please do not include personal medical information in the email.

More information about federal laws that prohibit job discrimination can be found at:

www1.eeoc.gov/employers/poster.cfm

www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA_508c.pdf

« Read More »