Overview

About Platform.sh

Platform.sh is an idea-to-cloud application platform that simplifies cloud infrastructures.

We give developers the tools they need to experiment, innovate, get rapid feedback, and deliver better-quality features with speed and confidence thanks to our unique rapid cloning technology.

Platform.sh serves thousands of customers worldwide including The Financial Times, Gap, Magento Commerce, Adobe, Orange, Hachette, Ikea, Stanford University, Harvard University, The British Council, and Lufthansa.

We want people who are passionate, open, multicultural, friendly, humble, and smart to join us and help this fast-growing, award-winning company to revolutionize the tech industry.

Position Summary

To reinforce our commitment to customers’ privacy and security for our PaaS solution, Platform.sh is looking for a Security Engineer with a taste for building security-focused tools, a strong understanding of security standards and practices, and knowledge of the challenges posed by cloud-centric platforms.

If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.

We are a worldwide distributed team and are looking for engineers who can thrive when provided with flexible hours to work remotely. To be an effective performer here at Platform.sh, you’ll need to be able to collaborate across time zones while having a high level of independence and autonomy in a demanding 100% cloud-based environment.

Security, privacy, and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red tape and constraints into a well-oiled machine where everything is automated and where every constraint becomes a feature making our product better.

This role reports to our Security Operations Manager and works in close interaction with all teams within our organization, as a chain is only as strong as its weakest link and security is everyone’s business.

What you can expect to do on a daily basis

  • Act as a technical liaison between the Security department and other teams: product, sales, engineering, support, operations, etc.
  • Create documentation (policies, procedures, guidelines, etc.) to help satisfy compliance requirements and/or internal process questions.
  • Evaluate, create, and deploy systems and tools that will enhance our efficiency and automation.
  • Review a new vulnerability, determine its impact and drive our response.
  • Support our staff by responding to information requests, both formal and informal.
  • Coordinate penetration testing, internal and external vulnerability scanning, disaster recovery planning, and related activities.
  • Execute our security incident management process to handle emerging situations.
  • Ensure all systems and services in our environment are securely designed, configured, managed, and monitored.
  • Work with external auditors to establish or renew our certifications such as PCI-DSS and SOC 2.
  • Participate in an on-call rotation, the majority of which is during normal working hours.

Minimum Qualifications:

  • Excellent oral and written communication skills
    • As a worldwide company, English is our lingua franca and Markdown is our notation of choice
  • Ability to operate largely independently (go take that hill) with team lead/management support
  • Able to juggle several requests at the same time and to deal with the asynchronicity of a global team
  • Proficiency in one or more high-level programming languages
    • Python or Go are preferred
  • Command of general Linux fare (kernel, core utils, terminal, shell scripting, man pages, etc.)
    • Comfortable with using only the terminal to complete tasks (SSH/CLI tools are ubiquitous in our workflows)
    • Debian/Ubuntu specific knowledge is valued
  • Experience with Git-based workflows and full traceability requirements (ticketed change management, issue tagging, feature branches, pull requests, code reviews, etc.)
  • Strong knowledge of (a subset of) the following topics:
    • Security fundamentals (CIA triad, least privilege, economy of mechanism, etc.)
    • Cloud security (KMS, VPC, etc.)
    • Identity and Access Management
    • Virtualization and Containerization (LXC/LXD/Docker)
    • Cryptography (TLS, SSH, Storage, etc.)
    • Networking (TCP/IP, logs, iptables, etc.)
    • Incident handling
    • Software Development Life Cycle
    • Secure coding (fail safe, fail secure, etc.)
    • Threat modeling
    • Digital forensics

Skills that enhance your application:

  • CSP certifications (check our providers here)
    • Security-focused certifications are preferred (e.g., AWS Certified Security)
  • General security certifications
    • We value ISC2 and ISACA certifications (e.g., CISM, CISSP)
  • Demonstrable experience in:
    • Standards-based risk assessments (e.g., ISO 27001)
    • Implementing PCI-DSS, SOC 2, or related
    • Conducting vendor risk reviews
  • In-depth knowledge of Platform.sh-provided software (check our docs here)

Are you a 10 out of 10? Great! Beam your resume over.

Seven of Nine? We would still love to assimilate your CV.

Please note: this is a remote job in APAC timezone, but there might be some restrictions regarding where you can work from due to compliance requirements.

We’re a worldwide, distributed team looking for the best talent. Our remote model has been in practice and thriving since 2014. To us, remote work means flexibility and having truly diverse, global teams.

As a side effect of teams being spread across time zones, you may have to tolerate occasional early morning meetings or late afternoon meetings if you live in an EMEA country. We do our best to accommodate time zones but there are preferred hours for certain roles and teams. The team you interview with will be able to give you a clear idea of their collaborative hours.

Company perks and benefits

  • Leadership that cares
  • A global team, rich with culture and diversity
  • An open work environment where your voice is encouraged. We can always find ways to do better and look forward to hearing your ideas
  • A product you can believe in. We’re changing the way companies develop and manage their web applications
  • Wellness stipend of US $300 a year
  • Professional development budget of US $800
  • Tandem – a pool of linguists from around the world willing to help each other work on learning new languages
  • Office budget of US $3,000 at hire (a computer is mandatory, but spend the rest on things that help you work, from headphones to a wifi extender) and a welcome kit of branded swag
  • A yearly global gift exchange – get paired up with someone 3,000 miles or kilometers away, and share a part of your home
  • We’re voted as A Best Place to Work by 96% of our employees
  • Company-wide DE&I initiative that you can be a part of
  • Yearly, international, company and team meetups (when we’re not experiencing a pandemic)
  • Remote working/flexibility
  • Company shares (discretionary)

About our recruitment process

We don’t expect a great hire to meet every requirement we have listed. If you can see yourself elevating the team, we want to hear about your story. Few of us would be here had we not taken a chance.

You can expect 1-4 interviews on Google Meet. We leave the process fairly customizable to teams and roles, so in some scenarios we’re able to streamline the process to have minimal rounds. Expect a higher number of rounds for director level roles and above.

Additionally, you can schedule coffee chats with potential future peers while you’re in the recruitment process to see if you can envision working together. Use interview and coffee time to make sure the company aligns with your best working environment.

All roles require background checks.

About our software

We are the most unified, secure, enterprise-grade platform for building, running and scaling fleets of websites and applications. Platform.sh is trusted by 5,000+ organizations globally to create the best digital experiences.