Principal Cloud Security Engineer - Segment Personas 🔥
At Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We’re in the running to power the entire customer data ecosystem, and we need the best people to take the market.
As a Principal Security Engineer partnering with the Personas teams, you’ll work with your engineering teammates to develop and implement a comprehensive, multi-year cloud security roadmap to ensure Personas consistently exceeds the expectations of our enterprise customers. You’ll also be responsible for enabling the Personas engineering teams to move fast without sacrificing security by providing mentorship, risk tradeoffs, and tooling. Finally, you'll get hands-on with key implementations when needed, to dramatically impact the security of Personas.
This is a unique position as you’ll be the first embedded Security Engineer on Personas (and at Segment!) and will both execute and help define the role for the future.
Who we are:
We’re a small team of experienced security engineers with diverse technical and non-technical backgrounds. We’re a passionate group of individuals who enjoy challenging traditional, prescriptive security techniques of the past and adapting or creating them to work with Segment’s modern development technologies and practices. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you, to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.
A little more about our team:
- We said goodbye to our bastions [1]
- We removed long lived access to our AWS accounts [2]
- We scaled our security services with AWS organizations [3]
- We trained our engineers how to perform their own threat model [4]
- We talked about monitoring your ephemeral infrastructure with osquery at QueryCon [5]
- We discussed our overall approach to our security engineering program at LASCON [6]
- Our CISO’s approach to Building a Security Team and Program [7]
- We deleted every employee’s AWS keys [8]!
- We help organize the OWASP SF chapter [9], the AppSec California [10], B-Sides SF [11], and Day of Shecurity [12] conferences
What we do:
- We treat usable security controls as a fundamental engineering problem and build software- and process-based solutions to solve it
- We regularly embed with other engineering teams to secure their most ambitious projects such as Segment Functions [13].
- We value and actively foster a strong security culture here at Segment. We cannot truly push Security left unless our engineers understand why security is important.
- We’re proud of the code we write, and believe we can build automation to enable our engineers to be secure and remain productive.
Who we are looking for:
- You are regularly able to convert highly ambiguous and systemic cloud-security problems into actionable, clear, and impactful roadmaps
- You are hands-on, you write software, and you can articulate prioritized, actionable security work for Engineering and you to accomplish together
- You have a strong history of improving the security posture at your previous companies through high-impact and cross-functional projects.
- You have experience consistently and sustainably raising the security bar with your engineering peers
- You're focused, driven and can get challenging projects across the finish line.
- You're empathetic, patient and love to help your teammates grow.
- You understand a broad range of security technologies and how they work, not necessarily all of the details.
- Bonus: GCP Cloud Security and IaC experience
What You Get Out of It:
- A welcoming and collaborative environment with people who love security
- Mentoring and support to work on the things that are important to you
- The opportunity to give back to the security community through open-source projects, blogging, conference talks, etc.
- The ability to contribute to building a new platform to enable the holy grail of customer data — the single view of the customer.
Projects We’re Working On:
- Embedding on mission-critical projects right from the start, to work side-by-side with Eng to prevent security problems from even existing
- Automated monitoring and remediation of security issues in Segment’s massive AWS, GCP and Kubernetes environments
- Previously, we used Okta and Terraform to delete all employee AWS keys and better manage our AWS multi-account strategy [14].
- Scaling our security controls on multi-account with AWS organizations [15].
Requirements:
- You have 8+ years of engineering experience in a production-cloud environment.
- You’re a capable subject-matter expert on security issues and technologies.
- You have working knowledge of service-oriented architectures and software development, as well as experience with different tools and technologies fit for a cloud environment.
- You’ve practiced your CloudSec craft most recently in cloud datacenters and with container technology, and you have experience in at least one of AWS, GCP or Kubernetes
- You are excited to work across the stack on different security challenges and initiatives
- We started small and have done a lot [16] and have big ambitions [17].
- We love open source [18] and also support it with paid fellowships and sponsorship.
- People love working at Segment [19].
- We love talking about what we learned [20] in public and in private [21].
About us (Twilio):
Millions of developers around the world have used Twilio to unlock the magic of communications to improve any human experience. Twilio has democratized communications channels like voice, text, chat, video and email by virtualizing the world’s communications infrastructure through APIs that are simple enough for any developer to use, yet robust enough to power the world’s most demanding applications. By making communications a part of every software developer’s toolkit, Twilio is enabling innovators across every industry — from emerging leaders to the world’s largest organizations — to reinvent how companies engage with their customers.
In accordance with applicable law, the following represents Twilio's reasonable estimate of the range of possible compensation for this role if hired in Colorado. Please note that this information is provided for those hired in Colorado only, and this role is open to candidates outside of Colorado as well.
Salary:
Denver/Boulder Metro:
$146,240 - $182,800
Rest of Colorado:
$127,960 - $159,950
Additionally, this role is eligible to participate in Twilio's equity plan.
An overview of Twilio’s benefits offered is listed below:
Twilio is committed to delivering a comprehensive benefits program that provides support needed for you and your loved ones. It’s likely that you don’t think about benefits every day; however, they are an important component of your total compensation, and we want you to understand the options available to you so that you can make the most of your benefit dollars. At the time of this posting, this role is eligible to participate in the following benefits, which Twilio reserves the right to modify at any time for any reason in accordance with applicable law:
Healthcare Insurance and Leave
- Prescription Drug
- Dental
- Vision
- Flexible Spending and Health Savings Accounts
- Leave programs for all of life’s moments: maternity, parental/bonding, as well as medical leave to care for yourself or a loved one
Financial Benefits
- Short and Long Term Disability Insurance
- Life and Accidental Death & Dismemberment Insurance
- 401(k) Retirement Savings Plan with a match
Reimbursement Programs & Stipends
- $65 per month work-from-home stipend
- Up to $50 per month for wellness expenses and activities
- Up to $30 per month to use towards books/eBooks
- [1] https://segment.com/blog/infrastructure-access/
- [2] https://segment.com/blog/access-service/
- [3] https://segment.com/blog/segment-aws-organizations/
- [4] https://segment.com/blog/redefining-threat-modeling/
- [5] https://www.youtube.com/watch?v=03tCsq-vDbA&list=PLciHOL_J7IwoYxJ7FwJ-aomCBZViDBMas&index=9&t=0s
- [6] https://www.youtube.com/watch?v=ImJqBX0OXew
- [7] https://www.youtube.com/watch?v=b0r5vc_eCoU
- [8] https://segment.com/blog/secure-access-to-100-aws-accounts/
- [9] https://www.meetup.com/Bay-Area-OWASP/
- [10] https://2018.appseccalifornia.org
- [11] https://bsidessf.org
- [12] https://www.dayofshecurity.com
- [13] https://segment.com/product/connections/functions/
- [14] https://segment.com/blog/secure-access-to-100-aws-accounts/
- [15] https://segment.com/blog/segment-aws-organizations/
- [16] https://segment.com/blog/show-hn-to-series-d/
- [17] http://www.globenewswire.com/news-release/2019/04/02/1795157/0/en/Segment-Raises-175-Million-Series-D-to-Liberate-Customer-Data-from-CRM-and-Usher-in-a-New-Era-of-Customer-Relationships.html
- [18] https://open.segment.com/
- [19] http://www.globenewswire.com/news-release/2019/04/25/1809713/0/en/Glassdoor-and-Battery-Ventures-Name-Segment-a-2019-Top-Private-Cloud-Computing-Company-to-Work-For.html
- [20] https://segment.com/blog/finding-product-market-fit-again/
- [21] https://open.segment.com/segfault/
- https://www.linkedin.com/company/segment-io/life/158aab60-769e-4b14-8505-f8063f6162f6/