Platform Security Software Engineer

Requirements

• Experience with Containers, Kubernetes, Infrastructure-as-Code and programming languages such as Go, Java and/or Python
• Proven experience in a security engineering role with hands-on technical involvement, and exposure to decision making processes
• An active interest and background in Cloud, Infrastructure and/or Network security
• Proven track record with cloud-native authentication mechanisms (i.e. OIDC, OAuth2), secrets management, admission controllers, service mesh, mTLS and cloud based IAM solutions
• Familiarity with securing and hardening K8s clusters, containerised applications and Linux hosts
• Demonstrated ability to architect cloud-native applications including the design of APIs and microservices on containers

What the job involves

• Aura is Neo4j’s managed cloud platform, operating at scale with 800+ Kubernetes clusters across multiple clouds. At its core is Omni, the platform that powers Aura.
• Within it, the Platform Security team ensures developers have the tools and documentation to ship secure code and create services using a secure-by-design ethos.
• We’re hiring experienced engineers with a security mindset to expand our tooling, add new guardrails, and partner with Aura teams on secure design.
• Develop cloud-native controls in Azure, AWS and/or GCP to enforce the security baseline at scale, integrating with open-source and vendor tools as needed.
• Enhance product security along the software development lifecycle by creating “paved roads” and defining additional security and software excellence requirements for containerised services running on multiple managed Kubernetes clusters.
• Act as a subject-matter expert for the Platform and Engineering teams by providing guidance on cloud and k8s services, secure infrastructure-as-code, modern secure AuthZ/AuthN techniques (i.e. SPIFFE) and secrets management solutions.
• Collaborate with other teams to define and implement Cloud/K8s native policies and procedures (i.e. Kyverno, Pod Security Standards).
• Conduct security assessments, audits and architecture reviews in order to introduce new cloud controls in the platform and make recommendations to improve the overall security posture.
• Support the incident detection and response process by maintaining cloud monitoring and alerting tooling and developing scripts needed for troubleshooting and resolution of incidents and security issues.