Does the challenge of building new security features for a massive cloud platform get your mind racing? Do you think like a hacker when evaluating software architecture and the resilience of cloud services? Join Acquia and help enhance the security of a the largest sites and brands on the planet, whose Drupal web sites are powered by our PaaS platform and SaaS services built on top of many thousands of AWS EC2 instances.
Acquia is looking for an experienced software security engineer or a cloud software engineer with a security mindset to work across Acquia's products in collaboration with Acquia's engineering, operations and corporate security teams. Although we run PHP & MySQL at a massive scale for our Drupal customers, on the backend we’re building scalable systems, automation and stack enhancements in everything from Ruby to PHP to Go, and storing data in everything from MySQL to DynamoDB. All this is in the part of the overarching goal to be the best place in the world to run Drupal websites.
You will perform security audits, risk analysis, application-level vulnerability testing and security code-reviews on a wide variety of Acquia products. You will also work closely with other Acquia software engineers to enhance our platform security, meet compliance requirements, and add new security features. Top candidates will enjoy analyzing software designs and implementations from a security perspective and will be experienced at discovering subtle security issues that appear under unexpected threat scenarios.
- Perform security testing and design reviews.
- Develop technical solutions to help mitigate security vulnerabilities.
- Advocate security and secure design and coding practices throughout Acquia.
- Modify the platform configuration to meet compliance goals.
- Collaborate with engineering teams to implement customer-facing security features.
- Drive security requirements through designing and building prototypes and / or proofs of concept, ensuring architecture sign offs, delivering design documents and standards, and creating user stories.
- Help develop and deliver presentations on the current state of our security and the security road map.
- Evaluate, implement, and support security-focused tools and services.
- Maintain strong knowledge of common security vulnerabilities, attack vectors, attack methods, and remediation techniques
Desired Skills and Experience:
- Strong software development and technical leadership skills
- Passion for websites and website delivery architecture
- Deep, working knowledge of LAMP stack--OS, web server, and database systems (Linux, Apache, and MySQL preferred)
- Strong Object Oriented Programming experience with a scripting language such as Ruby, Python, PHP, etc.
- Familiarity with AWS EC2, and management of IAM
- Experience with Puppet or similar configuration management tools
- High volume log collection and analysis experience a plus
- Experience with Drupal a plus
- 5+ years experience practicing secure software development and architecture, preferably in an agile environment.
- At least 5 years experience in cloud and/or security architecture and in SaaS services including APIs.
- Knowledge of a broad range of attack vectors and exploits
- Experience working on code reviews, pen-tests, or similar projects
- Experience deploying and using open source and commercial security development and testing tools
- Experience as an open source project contributor a plus.
- Excellent technical documentation skills
- Results driven, creative, professional, persistent, quality oriented, and self-motivated work style.
Acquia is an equal opportunity (EEO) employer. We hire without regard to age, color, disability, gender (including gender identity), marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other status protected by applicable law.