Sr Engineer - API Security
JOIN US AS AN API SECURITY ENGINEERSimilar Industry Titles and Key Words: Engineer, DeveloperYou should join our team. We're the team that makes api.target.com. It's not every day that you'll get to use some of the technologies we've chosen, and do it at the scale we're using them at. We want to level up even more on security across all these technologies from both the the developer and operational perspectives.Starting with the way we do development, all the way to production systems, we need a person who will spot the bad stuff, vulnerabilities, weak points, etc and fix them. You'll have a lot of free range to do that with the tools and ways you know how to do that best. We're the kind of team that actually gets excited about finding and squashing a clever or complex vulnerability, so getting devs to help fix something isn't an issue.Here's a smattering of approaches important to us and the technologies we use:
- Everything we do is “as-code” in version control. We don't like clicking buttons or doing things manually.
- All development or infra config changes go through a pull-request process, so you'll always have a say to thumbs up or down things you catch.
- Everything should have test cases and they go through a continuous integration process
- We understand the importance of logs and metrics, so having visibility to things you need to see to do your job isn't an issue. And if you need to add more metrics or see more logs, it's within our control to improve that.
- We try to own as much of the platform as we reasonably can. You don't need to rely on other teams outside our own to improve security on the stack or change the way we do things.
- Our stack runs across bare metal and OpenStack internally. We're also taking advantage of the public cloud in a big way.
- API Stack: Grails, Spring Boot, Cassandra (in a big way), Kafka, Apache Camel, Nginx, Node.js, Fastly
- Infrastructure: OpenStack, public cloud, Chef, Terraform, Consul, ZooKeeper, Squid, StatsD, Kafka, InfluxDB, Grafana, some Splunk, growing use of logstash and elasticsearch, Sensu, RabbitMQ, Redis, Runscope, PagerDuty
- Dev: GitHub Enterprise, Jenkins, Artifactory, HipChat
- Highly productive, self-motivated self-starter
- Experience identifying and predicting threats, anomaly detection, and applying security at various layers of a typical web application stack
- Able to develop custom security solutions
- Experience with aspects of security in private and public cloud environments
- Strong foundation in and in-depth technical knowledge of security engineering, network security, security protocols, and applied cryptography
- Passionate about staying current with new and evolving technologies and areas of security
- BA/BS or equivalent experience
- 5-7 years total work experience
- Has in-depth knowledge of state-of-the art engineering technical approaches in design, build, testing, debugging problems as required by domain
- Maintains technical knowledge within areas of expertise
- Stays current with new and evolving technologies via formal training and self-directed education