The Cloudbeds team is composed of the greatest minds in technology and travel. Together, we build innovative technology products used to operate and grow lodging businesses all over the world and connect those lodging businesses to travelers from every corner of the globe. Our aim is to make the world a more welcoming place; after all, we understand the value of travel and share a love of different cultures, people, and places.
We’re looking for the world’s best technology innovators who want to help us reinvent the world of tech in travel and who love to travel as much as we do. Our hundreds of team members are spread over 40 countries, speaking 30+ languages. So, how do we do it? We have been a #remotefirst company since our founding in 2012, and we encourage every member of our team to work from wherever they are around the globe.
As a Senior DevSecOps Engineer - Infrastructure at Cloudbeds, you will help to further secure our customer data, applications, and infrastructure from quickly global and growing cybersecurity threats. You will leverage your experience within the security space to work closely among security, product, and engineering teams to assess and remediate risk, as well as design and support new security-related processes within our Software Development Life Cycle. You will maintain an understanding of and defend against the latest threats. As a DevSecOps Engineer at Cloudbeds, you will play an important role in our delivery of an exceptional experience to our customers all around the world with security at top of mind.
This is an opportunity to be on the ground floor of a company completely transforming the world of travel technology. You will be an essential member of the team as we march toward our goal to power every lodging business in the world.
Location: Europe (Remote)
What You Will Do:
- Collaborate on efforts to architect and improve the security of Cloudbeds’ infrastructure in AWS, leveraging automation and best practices in coordination with the infrastructure and architecture teams at Cloudbeds.
- Build and implement security controls for our platform and infrastructure, with a focus on automating security and compliance
- Help identify security threat models and make suggestions for improvements
- Maintain a list of security, privacy, and/or compliance related technical debt and work with our Technology (Infrastructure, DevOps, Software Engineering, Architecture, Product, etc.) teams to prioritize and address, and escalate if necessary
- Gain a thorough knowledge of attack vectors that may be used to exploit software and/or infrastructure
- Assist with customer communications around security concerns or questions
- Educate team members about Security and Privacy, including security/privacy practices, principles, and infrastructure security practices
- Act as a first responder for security incidents, helping the team prioritize and remediate appropriately
- Serve as a consultant to team members on security vulnerabilities and their corresponding remediations, ensuring security vulnerability scan outputs are reviewed and appropriate actions are taken
- Support and contribute to business security requirements, such as the creation of security policies, procedures, and processes, responding to Requests for Proposal (RFPs) related to security, etc.
You’ll Succeed With:
- Bachelor’s degree in Computer Science or a related technical field.
- 2+ years experience as a Security Engineer working in AWS.
- 5+ years experience in a security engineering position.
- 7+ years experience in IT.
- Strong experience securing infrastructure in AWS (IAM, VPC, Route 53, ELB, EC2, Lambda, RDS, Redshift, Elasticache, S3, etc.) via automation.
- Strong experience implementing security monitoring, logging, and alerting (AWS GuardDuty, AWS Inspector, AWS Security Hub, Datadog, Splunk, CloudWatch, etc.).
- Strong experience with securing containerized environments (Docker, Kubernetes)
- Strong experience with implementing security measures as Infrastructure as Code (Terraform)
- Strong experience with embedding security into Continuous Integration (CI)/Continuous Delivery pipelines.
- Experience securing critical production environments having hundreds to thousands of servers.
- Experience building, scaling, and automating infrastructure vulnerability management programs and tools (Qualys, Nessus, Rapid7, etc.)
- Experience working in a PCI-compliant engineering environment.
- Exceptional written and verbal communication in English.
- Ability to work remotely and manage your own time in an international team.
Nice To Haves:
- Security-related certifications (AWS Certified Security - Specialty, CISSP, CSSLP, CCSP, Security+, etc).
- Experience securing Elastic Kubernetes (EKS) platforms
- Experience securing immutable AMIs/containers
- Experience working in an Agile Scrum environment
- Experience securing microservices and Service-Oriented Architectures (SOA).
- Experience securing REST and GraphQL APIs.
- Experience supporting compliance efforts.
- Experience working with Atlassian products (JIRA, Bitbucket, Confluence).
Our company culture supports flexible working schedules with an open Paid Time Away policy and gives all team members the opportunity to travel and work remotely with great people. If you think you have the skills and passion, we’ll give you the support and opportunity to thrive in your career. If you would like to be considered for the role, we would love to hear from you!
Company Awards to Check Out!
- Fastest Growing Companies | Inc. 500 (2018 & 2019)
- Best Places to Work | Inc Magazine (2017 & 2018)
- Best Places to Work | HotelTechReport (2018, 2019, 2020, 2021)
- Start-Ups to Watch | Forbes (2018)
- Best Startup Employers | Forbes (2020)
- Technology Fast 500 | Deloitte (2019, 2020, 2021)
- Top 100 North America | Red Herring (2020)
- Connect MIP Award (Technology)