Senior Security Operations Engineer
About Toptal
Toptal is a network of the world's top business, design, and technology talent that enables companies to scale their teams on demand. With over $200 million in annual revenue and team members located around the globe, Toptal is the world's largest fully remote workforce.
We take the best elements of virtual teams and combine them with a support structure that encourages innovation, social interaction, and fun. We see no borders, move at a fast pace, and are never afraid to break the mold.
Job Summary
As a Senior Security Operations Engineer at Toptal, you will work with the Development, IT Operations, and Infrastructure teams, and with Risk & Compliance, empowering the company with the knowledge and tools needed to protect Toptal's products vigilantly. You help to ensure they are well-armed to maintain the highest security standards, safeguarding the company's future. You will conduct assessments, automate operational workflows, and deliver security training to the engineering department.
This is a remote position. We do not offer visa sponsorship or assistance. Resumes and communication must be submitted in English.
Responsibilities:
- The following information is intended to describe the general nature and level of work being performed. It is not intended to be an exhaustive list of all duties, responsibilities, or required skills.
- Run security assessments and advise developers on remediation.
- Educate staff on personal, corporate, architecture, and development security best practices.
- Contribute to application designs and solutions and assist with code reviews.
- Put security issues on the agenda.
- Conduct targeted educational sessions and workshops to elevate the security knowledge of staff across the personal, corporate, architecture, and development areas.
- Champion security within the organization by proactively identifying and raising security issues, and advocating a security-first approach.
- Maintain the security development lifecycle and integrate it into the CI pipeline.
- Develop and maintain proactive monitoring tools.
- Provide timely and adequate information about the current state of Toptal security.
- Support Risk & Compliance on corporate security practices, standards, and policies.
- Respond to any ongoing or completed incidents, help the team find the root cause, and set possible action points.
In the first week, expect to:
- Integrate into Toptal.
- Rapidly begin learning about Toptal's history, culture, and vision.
In the first month, expect to:
- Complete mandatory training.
- Get familiar with the tools we use to assess and improve the security of our applications.
- Have a good understanding of our infrastructure setup and critical applications.
- Deliver your first ticket to completion.
- Start collaborating with other teams.
In the first three months, expect to:
- Contribute to the vulnerability management process, escalating vulnerabilities in the frameworks and technologies in use and communicating to developers how to mitigate them.
- Own the team’s backlog by creating new tickets and grooming existing ones when necessary.
- Work toward the team's goals.
- Start participating in the on-call rotation.
In the first six months, expect to:
- Participate in design/implementation decisions.
- Investigate security incidents and take follow-up actions.
- Propose and implement improvements to processes and tools.
- Improve the security audit of our applications (integrate new security tools, extend current solutions to more projects, create dashboards with metrics, and set up automated notifications for our team).
- Maintain security awareness & education sessions and develop appropriate materials for the whole company.
Qualifications and Job Requirements:
- 3+ years of experience in application security, with a strong understanding of security principles and practices across engineering teams.
- Demonstrated ability to lead security initiatives and spread a comprehensive security mindset across engineering areas.
- Skilled at mentoring, coaching, and providing guidance to engineering teams to enhance their security skills and awareness.
- Experience in developing and proposing security guidelines and best practices tailored to diverse engineering needs.
- Solid background in application development using at least one modern programming language.
- Familiarity with CI/CD tools such as Docker, Jenkins, and GitHub Actions, as well as cloud platforms (preferably GCP).
- Knowledge of Infrastructure as Code (IaC), with experience in tools like Terraform.
- Understanding of OWASP methodology, awareness of web and mobile vulnerabilities.
- Familiarity with common security standards such as ISO/IEC 27000-series, GDPR, SOC2, PCI.
- Experience in using SAST and DAST tools like Snyk, BurpSuite, OWASP ZAP, and others.
- Familiarity with cloud compliance tools such as InSpec.
- Strong problem-solving skills with the ability to consider and integrate multiple solutions.
- High enthusiasm for technology with a proactive approach to learning and adopting new tools and practices.
- Accepts and appreciates constructive feedback, promoting a collaborative and learning-focused work environment.
- Holds one or more current, valid security-related certifications (preferred).
- Excellent written and verbal communication skills, capable of effectively articulating security concepts to diverse audiences.
- Ability to adapt to a fast-paced, rapidly growing company and handle a wide variety of challenges, deadlines, and a diverse array of contacts.
- You must be a world-class individual contributor to thrive at Toptal. You are not here just to tell others what to do.