Couchbase
Architect - Cloud Security (Santa Clara, CA)
Couchbase, Santa Clara, California, us, 95053
Cloud Security Architect
This position will be part of the Capella engineering team that builds and operates our cutting-edge DBaaS service across all three major cloud providers. This will be a highly visible role that will be responsible for driving the architecture and leading implementation of systems pertaining to authentication, role and attribute based access control, data encryption, and network security. The candidate will also role model secure development best practices . In Capella we are the custodians of our customers' data, and systems and operational security are paramount in everything we do. This position will have a critical role in building a cutting edge DBaaS platform available on all three major cloud providers that securely power some of the most demanding applications of our customers. They will collaborate closely with stakeholders across the organization including engineering, product management and Infosec.
Broadly, the job encompasses the following:
Software Development: Responsible for design and implementation of interfaces and systems within Capella that pertain to user authentication and authorization, secure data management, network security, and implementing security best practices on all the three major cloud platforms.
Cloud Security: Capella supports AWS, GCP and Azure. The role would be responsible for spearheading the development of components that interface with platform specific IAM, key management and other services to implement account and data isolation in a multi-tenant architecture.
Architecture and Reviews: Responsible for the security architecture, design, and code reviews of new features and initiatives. The candidate will drive the implementation of secure architecture best practices and information safeguards as applicable in the target cloud environment such as key management, encryption, data privacy, authentication, IAM and enforcement of principle of least privilege.
Thread modeling and risk assessment: Conduct threat modeling and risk assessment during design phases of new components and features.
Technical leadership:
Drive and lead secure development lifecycle practices across the engineering team. Contribute to security incident detection and response plans and disaster recovery plans and procedures.
Required Qualifications:
Minimum of 10 years of experience in software development with at least 5 years of experience in building distributed systems on the cloud.
At least 3 year of hands-on development experience in Golang.
Demonstrable hands-on work experience in one or more of the following with in-depth knowledge of various protocols, specifications and techniques - Single Sign-On, Role based and attribute based access control, data encryption schemes with secure key handling on the cloud, cloud network security such as peered VPC links, Private Links, firewall configuration and ACLs.
Expert in one or more of AWS, GCP and Azure offerings and security reference architectures. Relevant certifications are helpful but not mandatory.
Experience with designing and managing large scale distributed systems in the cloud with clear security boundaries.
Ability to communicate clearly and drive consensus with stakeholders across the organization.
#J-18808-Ljbffr
This position will be part of the Capella engineering team that builds and operates our cutting-edge DBaaS service across all three major cloud providers. This will be a highly visible role that will be responsible for driving the architecture and leading implementation of systems pertaining to authentication, role and attribute based access control, data encryption, and network security. The candidate will also role model secure development best practices . In Capella we are the custodians of our customers' data, and systems and operational security are paramount in everything we do. This position will have a critical role in building a cutting edge DBaaS platform available on all three major cloud providers that securely power some of the most demanding applications of our customers. They will collaborate closely with stakeholders across the organization including engineering, product management and Infosec.
Broadly, the job encompasses the following:
Software Development: Responsible for design and implementation of interfaces and systems within Capella that pertain to user authentication and authorization, secure data management, network security, and implementing security best practices on all the three major cloud platforms.
Cloud Security: Capella supports AWS, GCP and Azure. The role would be responsible for spearheading the development of components that interface with platform specific IAM, key management and other services to implement account and data isolation in a multi-tenant architecture.
Architecture and Reviews: Responsible for the security architecture, design, and code reviews of new features and initiatives. The candidate will drive the implementation of secure architecture best practices and information safeguards as applicable in the target cloud environment such as key management, encryption, data privacy, authentication, IAM and enforcement of principle of least privilege.
Thread modeling and risk assessment: Conduct threat modeling and risk assessment during design phases of new components and features.
Technical leadership:
Drive and lead secure development lifecycle practices across the engineering team. Contribute to security incident detection and response plans and disaster recovery plans and procedures.
Required Qualifications:
Minimum of 10 years of experience in software development with at least 5 years of experience in building distributed systems on the cloud.
At least 3 year of hands-on development experience in Golang.
Demonstrable hands-on work experience in one or more of the following with in-depth knowledge of various protocols, specifications and techniques - Single Sign-On, Role based and attribute based access control, data encryption schemes with secure key handling on the cloud, cloud network security such as peered VPC links, Private Links, firewall configuration and ACLs.
Expert in one or more of AWS, GCP and Azure offerings and security reference architectures. Relevant certifications are helpful but not mandatory.
Experience with designing and managing large scale distributed systems in the cloud with clear security boundaries.
Ability to communicate clearly and drive consensus with stakeholders across the organization.
#J-18808-Ljbffr