Senior Security Engineer, Streamlit Community Cloud

This job is no longer active

Build the future of data. Join the Snowflake team.

As a member of the Security Assurance team, you’ll be responsible for maintaining (and raising) the security bar for the Streamlit Community Cloud and across our suite of products. Streamlit is an open-source Python library that makes it easy to create and share beautiful, custom web apps for machine learning and data science. You can help secure the platform to ensure the continued adoption and high customer trust in Streamlit and all Snowflake products.

We are looking for motivated, passionate experts in security engineering who have a broad base of security knowledge, but also have depth in one or more security domains. Snowflake has multiple engagement models to support the secure development of our products. We have a decentralized, developer-driven model, as well as a centralized, embedded resource model. We need experienced security engineers to drive and support both.

Our ideal candidate wakes up each morning thinking about ways to scale security. Their goal is to lower risk while letting the business move quickly and safely. They believe security should be an inherent property of the tools and processes engineers use every day.

RESPONSIBILITIES:

  • Support scalable product security reviews by building developer-friendly processes and tools
  • Design, plan, and execute projects which identify security requirements, promote the use of secure defaults, and verify the security of implementations
  • Perform security code review, vulnerability impact analysis, and recommend effective risk mitigations
  • Deploy and manage security automation tools, including SAST, DAST, and SCA, to catch security bugs early and provide actionable feedback to developers
  • Consult with development teams to provide design reviews, risk assessments, prioritized security requirements, and support during implementation
  • Plan and scope pen tests, review findings, and provide guidance to the team on mitigation plans
  • Work with stakeholders to develop platform abuse detection, prevention, and response plans
  • Onboard projects to the Snowflake bug bounty program and assist with triage and remediation of vulnerability reports

MINIMUM QUALIFICATIONS:

  • 5+ years of experience deploying services on public cloud infrastructure
  • Expert understanding of software security architecture and design, threat modeling, code review, SDLC best practices, and mitigations for common application security issues
  • Fluency in one or more programming or scripting languages: Java, Python, C++, Go, TypeScript
  • Experience deploying and customizing security tools to detect threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, endpoint security monitoring, etc.
  • Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
  • Demonstrated ability to collaborate with other teams to achieve complex objectives

PREFERRED QUALIFICATIONS:

  • 7+ years of experience working in an information security discipline
  • Prior experience working in a high-growth, cloud-native technology company
  • Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
  • Familiarity with Linux fundamentals such as namespaces, cgroups, processes, filesystems, etc.
  • Applied cryptography experience, including symmetric/asymmetric encryption, hashing, HMAC, TLS, PKI, etc.
  • Ability to write SQL queries and build dashboards, metrics, and reports to drive security outcomes
  • Experience using CI/CD pipelines to perform automated security testing
  • Have read and are capable of implementing ideas from “Site Reliability Engineering”, “Building Secure & Reliable Systems”, or “Engineering Trustworthy Systems”
  • Contributions to the security community, such as open source tools, research papers, conference talks, etc.