Senior Cloud Infrastructure Security Engineer
Angi® is transforming the home services industry, creating an environment for homeowners, service professionals and employees to feel right at “home.” For most home maintenance needs, our platform makes it easier than ever to find a qualified service professional for indoor and outdoor jobs, home renovations (or anything in between!). We are on a mission to become the home for everything home by helping small businesses thrive and providing solutions to financing and booking home jobs with just a few clicks.
Over the last 25 years we have opened our doors to a network of over 200K service professionals and helped over 150 million homeowners love where they live. We believe home is the most important place on earth and are embarking on a journey to redefine how people care for their homes. Angi is an amazing place to build your dream career, join us—we cannot wait to welcome you home!
About the team
At Angi, security is tightly woven into product and infrastructure development. We challenge our teams to build systems that are secure-by-default and to protect our users’ most sensitive data. You will be joining a team of engineers who will champion security initiatives throughout the organization. You will be building tools to make secure-by-default easy. You will be conducting regular audits/tests to identify risks and prioritizing fixes for the identified risks. You will continue to raise the bar to make our systems secure.
What you’ll do
- Implement security best practices in our cloud and on-premise IT environment following industry standards / recommendations.
- Identify vulnerabilities, missing patches, and misconfigurations across our cloud, on-premise, and employee infrastructure and ensure there is a scalable approach to prioritizing fixes for any issues identified.
- Implement various types of scanning in our CI/CD pipelines and ensure results are appropriately surfaced to developers.
- Ensure relevant audit and security logs are collected to a central location and exposed to the correct teams for triage, analysis, and incident response.
- Work with auditors and compliance teams to meet required policies and collect required evidence.
- Work with infrastructure engineering teams to ensure that all endpoints throughout the organization are configured with industry aligned security standards, that they have the relevant security tools (MDM, EDR, etc.) installed, and that administrative rights are not needed for non-power users.
- Actively participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are being followed.
- Triage, escalate, and remediate vulnerabilities found as part of our bug bounty program.
- Work with the product management teams to prioritize fixes for vulnerabilities and work with engineering teams to understand how to fix these issues.
- Get your hands dirty by fixing vulnerabilities, building in security telemetry/instrumentation, and adding security features to our products/applications.
- Design tooling and frameworks to make adoption of security best practices easier for developers when working in our code bases.
- Deploy, manage, and tune infrastructure used to protect our applications from common vulnerability exploitation, account takeover, and denial of service attacks.
- Assist in the creation and maintenance of security training
- Actively participate in all facets of the incident response lifecycle by participating in a 24/7 on-call rotation.
Who you are
- You have a BS or an MS in Computer Science, Computer Engineering, Cyber Security, or a related field
- You have 5+ years of experience working on a security team supporting product/engineering functions, cloud infrastructure, and corporate infrastructure development
- You have in-depth knowledge of security threats, applied cryptography, and risk assessments
- You have hands-on experience in AWS specifically with one or more of the following AWS services: GuardDuty, Config, WAF, Shield, Macie, CloudTrail, SecurityHub.
- You have hands-on experience writing infrastructure-as-code in languages such as Terraform, CloudFormation, Helm, etc.
- You have hands-on experience in Kubernetes and container orchestration
- You have software engineering experience (Python/Java/Scala/Ruby preferred) and an engineering mindset for building reliable and maintainable security infrastructure to support a large organization with CI/CD software engineering practices
- You have experience working with product development teams to empower them on advancing security initiatives
- You are familiar with the OWASP Top 10 vulnerabilities and how to remediate them
- You are familiar with authentication and authorization frameworks or standards such as OAuth, OIDC, SAML, etc.
- You have a willingness to learn and apply new skills and technologies
- You have hands-on experience working with container technologies and Kubernetes
- You have hands-on experience with data analytics and observability concepts and associated tooling (SQL, Looker/Tableau, Grafana LGTM stack, NewRelic, etc.)
- Experience defining and implementing internal practices and controls for the PCI-DSS and Sarbanes-Oxley (SOX) information security and compliance standards is a plus
- Experience presenting at industry conferences or contributing to open source communities is a plus
- Experience with penetration testing methodologies and tools (BurpSuite, OWASP Zap, etc.) is a plus
- Experience with infrastructure vulnerability scanning tools (Qualys, Rapid7, Tenable, etc.) is a plus
- Experience with static analysis tools (Qwiet.ai, ShiftLeft, Fortify, Veracode, Snyk, etc.) is a plus
We value diversity
We know that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value individuals who bring diverse life experiences, educational backgrounds, cultures, and work experiences.
Compensation & Benefits
- The salary band for this position ranges from $175,000 - $185,000 commensurate with experience and performance. Compensation may vary based on factors such as cost of living.
- This position will be eligible for a competitive year end performance bonus & equity package.
- Full medical, dental, vision package to fit your needs
- Flexible vacation policy; work hard and take time when you need it
- Pet discount plans & retirement plan with company match (401K)
- The rare opportunity to work with sharp, motivated teammates solving some of the most unique challenges and changing the world