Cloud Security Engineer - Detection & Response

Join our team at ASAPP, where we're developing transformative Vertical AI designed to improve customer experience. Recognized by Forbes AI 50, ASAPP designs generative AI solutions that transform the customer engagement practices of Fortune 500 companies. With our automation and simplified work processes, we empower people to reach their full potential and create exceptional experiences for everyone involved. Work with our team of talented researchers, engineers, scientists, and specialists to help solve some of the biggest and most complex problems the world is facing.

As a member of our team, you will have oversight and responsibility for different domains such as application security, infrastructure security, corporate security, detection engineering and Incident Response, and protection of sensitive data. You will actively participate in the buildout and improvement of our cloud security infrastructure and its cloud security posture management (CSPM ), leveraging ASAPP’s people and technology for maximum benefit, you will also have an active voice and participation in the design review of ASAPP products.

As a full-time Security Engineer, you will partner with our Product Engineering, Platform, SRE and ITS teams to help us develop secure, scalable, and robust services. You should be familiar with secure coding methodologies, code and infrastructure vulnerability detection systems and running security on Cloud environments. Last, but not least, You should be keen on wanting to teach (and learn) from everyone on our team!

This individual will be joining a mature and established Security Engineering team. You will be improving our existing code security pipeline, partnering with cross functional Engineering and Infrastructure teams, and working across ASAPP’s people and technology footprints to design, build and run secure systems.

What you’ll do

• Develop and document technical solutions to help mitigate security vulnerabilities
• Conduct research to identify new attack vectors against ASAPP products and services as well as conducting vulnerability and risk management across the ecosystems
• Participate in related penetration testing, red teaming, and other offensive security exercises
• Contribute to securely configuring our cloud environments
• Co-own the security detection and incident response tooling an process
• Interact and collaborate with different engineering teams
• Participate in on-call responsibilities along with your teammates

What you’ll need

• +4 years experience on security detection and incident response
• Perform security investigation when its required including threat hunting and forensics
• Familiar with container ecosystems (docker, k8s, helm), and security best practices
• Deep understanding of cloud-based (AWS) infrastructure and security technologies
• Experience with IAM and RBAC and IdP solutions
• Experience writing IaC especially Terraform
• 4+ years of experience identifying potential cybersecurity attacks and mitigations across multiple and diverse attack vectors
• Proficient in at least one high-level programming language (Python preferred)
• Strong interpersonal and communication skills

What we’d like to see

• B.S. in Computer Science or related field, or equivalent experience
• Involvement in the Security community and industry participation is a plus
• Experience with solving problem related to Infrastructure security with good understanding of Architectural Review
• Knowledge about encryption
• Experience developing detections as code (detection engineering) solutions
• Previous experience doing security on agile/fast startup environments
• Experience with cloud native architecture

Benefits

• Competitive compensation
• Stock options
• Insurance
• Free Lunch and Dinner
• Connectivity (mobile phone & internet) stipend
• Wellness perks
• Mac equipment
• Learning & development stipend
• Parental leave, including 6 weeks paternity leave