Secure Cloud Engineer
ActiveCampaign is the marketing automation leader for small and mid sized businesses (SMB's) around the globe. Through a sophisticated yet easy-to-use platform and tools, we allow our customers to make meaningful connections to their customers. Often, we are the center of our customer's marketing strategies and critical to their success and future.
As the fastest-growing SaaS company in Chicago, we are scaling rapidly to keep up with market demand. We are growing all of our teams and looking for people who share our values, deliver innovation frequently and join us in our mission to grow our customer base from 80,000 today to millions.
The secure cloud engineering roles plays a key role in ensuring the security of our cloud infrastructure and protection of our sensitive PII data per our information security policy. This person will help identify security gaps and drive remediation activities to close those gaps. This position plays an integral role in defining and assessing the organization's security strategy, architecture and practices as well as contributes to maturing the company's infrastructure security architecture and technology frameworks.
What your day could consist of:
- Be part of the security team to drive security related initiatives including but not limited to creating/maintenance of security policies, implementation of security procedures/controls, and monitoring in conformance to the policy
- Deploy and manage applications to monitor cloud infrastructure security and intrusions
- Perform initial incident triage, determine scope, urgency, and potential impact of security incidents
- Provide guidance and work with the infrastructure team on security best practices around OS hardening, access logging, and patching
- Design, deploy, manage and improve critical security infrastructure services/tools for authentication and authorization, PKI, secrets management, logging, detection, vulnerability management and more
- Work with external auditors on compliance
- Provide security guidance to SRE / DevOps Engineering teams in the company
- Perform security gap assessments and implement remediations
- Run periodic infrastructure vulnerability scans and facilitate pen tests while working with engineering teams on identified vulnerabilities for resolution
- Work with the production operations team on securing and best practices for all our AWS accounts
- Own the overall cloud infrastructure security program
- Monitors industry security updates, changes, technologies, emerging threats and best practices for continuous improvement
What is needed:
- 5+ years of experience in Infrastructure and Information Security
- Experience with OS hardening techniques for Linux environments such as SELinux, disabling root login, sudo, password expiration, etc.
- Experience with access logging, centralized logging, and monitoring/alerting of security log events such as ELK, InsightIDR, Splunk, and SumoLogic
- Experience with applications for monitoring infrastructure security and detecting intrusions such as Threat Stack or Insight IDR
- Working knowledge of incident response, threat modeling, and mitigation
- Working knowledge of common information security management frameworks such as SOC2 Type 2 and ISO27001
- 5+ years working on AWS running multiple production workloads
- Experience designing and implementing access control models for privileged access in fast-paced AWS cloud environment
- Knowledge of AWS security best practices and security controls using AWS services such as Cloudtrail, GuardDuty, IAM, SSO, VPC, etc.
- Strong understanding of common internet protocols such as DNS, SMTP, LDAP, etc.
- Good communication and collaboration skills
- Self-motivated and strong sense of ownership of tasks
- Bachelors or Masters' degree in Computer Science or Information Security or equivalent work experience
ActiveCampaign is an employee-first culture. We take care of our employees at work and outside of work. We'll share all the details later on but in summary: comprehensive health and wellness benefits including no premiums for employees on our HSA plan, open time off plan, generous 401(k) matching with no vesting, lunch and endless snacks/ beverages, reimbursed commuting, education budgets, ongoing learning and development, a proactive approach to diversity and inclusion, career pathing and lots of swag.
Read Full Job Description