Schibsted Media Group is an international media group with 6800 employees in 31 countries. From Mexico to Malaysia, from Brazil to Norway – millions of people interact with Schibsted companies every day: We ensure that all sorts of things can be sold, from new and old sofas to coffee machines and any sort of valuable items. We also make it possible for news reports to be read and watched whenever, wherever and in any way users want. These two examples are just some of the ways our services empower people all around the world in their daily lives.
Platform Services is the technology division within Schibsted, with offices in many cities around the world, including in London, Stockholm, Barcelona and Oslo. Our philosophy is built on keeping an open mind, challenging ourselves and the status quo. If you are driven, ambitious, not afraid of challenges and thrive on finding new solutions, we want to hear from you.
One of the missions of Platform Services is to develop the global product platforms and technology infrastructure necessary to create developer pipelines, big data processing, media management, payment, security and identity systems. With over 250 million monthly active usersunder our belt, we are able to harness huge amounts data to provide insights on a global scale. Together with our deep local expertise, we have a winning combination.
At Platform Services we face a massive scale in highly critical production environments on a daily basis, a huge amount and diversity of users, large systems, lots of great teams and employees, etc. This massive scale comes with unique challenges both from technical and operational perspectives. If you want exposure to large scale environments as well as exposure to best of breed technologies (AWS, Mesos, Spinnaker, Docker, ...) this role is for you.
- Build tools for automated incident handling.
- Coordinate and perform incident response globally.
- Provide secure base images (Host, Docker) on top of which teams can build services.
- Consult, evangelise, and teach product teams on how to protect their assets.
- Improve our intrusion detection and incident response capabilities.
- Continually improve your technical and collaboration skills.
- Engage and participate in the security community.
- Maintain, operate and improve the team's services.
Minimum Job Qualifications
- Significant proven hands on experience in security engineering
- Experience in, at least, one of the following topics: Incident handling, System and network hardening, Intrusion detection and prevention, Computer forensics, DDoS mitigation, Vulnerability management
- Experience with web technologies (Web applications, REST APIs, Microservices Oriented Architectures)
- Proactivity and ability to absorb and rapidly adapt to new technologies and paradigms
- Development experience, with programming languages like Python, Go, Ruby, C/C++, Java, and using version control software like git.
- Willing to travel occasionally (mainly to London, Oslo and Stockholm)
- Feeling comfortable communicating in English in a working environment
- See computer security and its challenges as a game and enjoy it
Preferred Job Qualifications
- More than 3 years of experience working with similar challenges
- In-depth technical knowledge of networking, applications and operating system security
- Solid understanding of public cloud models (e.g. AWS, Microsoft Azure, OpenStack, Google Compute or App Engine) and their security implications
- Solid understanding of the Docker, Kubernetes, and Mesos architectures and security models
- Experience with CI/CD tools (e.g. Travis, Spinnaker, Jenkins)
- Experience with security tooling and features in AWS or other cloud providers
- Experience with configuration management tools (e.g. Ansible, Puppet, Chef)
- Strong understanding of vulnerability models, systems and software hardening
- Knowledge of DevOps culture (infrastructure-as-code, “you build it, you run it”, etc.) and its implications for security
- Good communication skills
With global expansion and growing brand recognition, we have expanded the security team significantly in recent years, and we are continuing to grow. To support that growth, we are currently looking for experienced Security Engineers to identify and assume technical leadership over new projects related to platform hardening, incident response, computer forensics, etc.
Have you ever wondered about how security incidents are investigated in an environment where infrastructure continuously appears and disappears? Have you thought about the impact of DDoS attacks in an infrastructure-as-code environment? How would you harden systems where every engineer has full control over their configuration? Would you be able to detect and deflect attacks on a platform where every service is different?