Principal GCP Offensive Cloud Security Engineer - Uptycs Remote (United States) Bookmark Share Print 113 0 0

Listing Description

Uptycs builds best-in-class cloud security products that leverage lightweight tools, built on open source software, to collect everything that can help detect, understand, and mitigate a wide variety of security problems. We run on laptops and cloud workloads, monitor Kubernetes and serverless containers, analyze AWS/GCP/Azure configuration and CloudTrail events, emulate threat actor behavior in cloud, containers, network, Windows, and Linux environments - you name it! We feed it into a cloud-based security analytics platform that provides comprehensive visibility, threat detection, posture management, remediation, vulnerability management and compliance tracking. We analyze petabytes of data, process millions of events per second, and run a control plane that enables continuous scanning for vulnerabilities, misconfigurations, and APT malware on all major cloud providers and hundreds of thousands of macOS, Linux, and Windows endpoints.

Uptycs enables security professionals at companies such as Comcast, Flexport and Lookout (and many more we have an NDA with!) to quickly prioritize, investigate, and respond to potential threats across a company's entire attack surface.

We’re looking for a talented Principal Cloud Security Engineer who is well-versed in red team/offensive security. The right candidate will be knowledgeable, have hands-on offensive cloud security experience, passionate about cloud security threats, energetic, thrive in a fast-paced environment, and work well in an agile team atmosphere. As part of a fast growing engineering organization, you’ll be working alongside technical product managers and security engineers who have passion for building highly scalable software products. Your R&D offensive cloud security threat contributions will be critical to shaping our overall cloud security and compliance product strategy on GCP.

What You'll Do:
  • Perform full exploitation of multiple cloud environments
  • Research, validate, and document new & existing attack vectors targeting GCP platforms
  • Research and identify threats to previously identified cloud vulnerabilities 
  • Research, validate, and maintain relevant tools needed for red team operations
  • Stay up-to-date with attacker techniques and tools
  • Work closely with security engineering and technical product management to translate technical security requirements into business security requirements, and vice-versa
  • Collaborate with senior technical leaders across engineering, infrastructure and other organizations to solve complex problems and deliver end-to-end solutions
  • Have autonomy to move in many different directions

    • What We're Looking For:
  • 2+ years of experience in a cloud security red team role 
  • Solid understanding and experience with GCP, specifically with their security-related products and services and how to exploit them
  • Familiarity & hands-on experience with effectively using offensive tools and platforms such as GCPhound, gcploit, GCPBucketBrute, GCP Scanner, Kali Linux, etc.
  • Ability to use these tools to scan, enumerate, exploit, and move laterally
  • Deep knowledge of tactics (privilege escalation; lateral movement; exfiltration, etc.) and techniques used by threat actors across cloud, containers, network, Windows, and Linux resources
  • Expertise performing threat modeling and design reviews to assess security implications for GCP workloads and applications
  • Lead technical viewpoints and make prudent technical risk decisions
  • Ability to influence business and technology directionStrong operational security skills
  • Align teams and orgs towards simple, coherent security designs
  • Aptitude to quickly come up to speed on new technology concepts
  • A passion for resourceful and creative problem-solvingStrong interpersonal and communication skills; ability to work in a team environment
  • GCP Professional Cloud Security Engineer certification or related is a plus
  • Naturally gravitate towards thinking like a threat actor would!
    • Uptycs is an Equal Opportunity Employer. All applicants will be considered for employment without attention to race, color, religion, sexual orientation, gender identity, national origin, veteran or disability status. Uptycs is a progressive and open-minded workplace where we do not tolerate discrimination or harassment in any form. If you are smart, passionate and good at what you do, come as you are.

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    AtmosJobs is a community-run job platform developed by SaaS professionals. Our unique approach of focusing strictly on Cloud positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@atmosjobs.com
    www.atmosjobs.com