AWS Cloud Security Engineer

Job Description

As part of the Foundation Secure team, you will bring your DevOps knowledge and software engineering skill set into the world of cloud security engineering. Our team uses automation to protect nearly every aspect of Zendesk’s cloud presence in Amazon Web Services. This is a challenging position where you’ll be able to see an immediate impact to your contributions, work alongside a dedicated and caring team, and live on the cutting edge of cloud security.

Proactive engineering is our emphasis. Your prime directive is to build and govern secure cloud environments at scale, empower other engineers to build awesome products, and create tools that provide the data for our Security teams to address threats in Zendesk’s cloud environments.

What you’ll be doing

Building and maintaining the baseline governance and security standards for AWS infrastructure at Zendesk for all of our AWS accounts.

Building self-service AWS tooling on Kubernetes that enables our engineering organization to safely deploy infrastructure with appropriate security guardrails.

Promoting immutable infrastructure on AWS to the wider Zendesk Engineering organization to improve infrastructure reliability and security.

Developing and maintaining Zendesk’s zero-trust SSH infrastructure that gives our infrastructure owners the power to easily manage access to their hosts.

Working to streamline Identity and Access Management not only for AWS, but for hundreds of applications around the Zendesk Engineering organization.

Champion and maintain our self service IaC system for the organization.

Harden and streamline the process of building virtual machine and container golden images for hundreds of services.

Lead engineering teams looking to deploy new AWS technologies and architectures on best practices and security models.

Partner with our Security organization to build the tools that provide Engineering teams with the information to react to threats and misconfigurations in our infrastructure.

Implement and manage reactive and proactive security controls in AWS using CICD.​

What you bring to the role

Required :

2+ years experience or equivalent education configuring and securing AWS using their native service offerings (IAM, Control Tower, Organizations, SCPs, Lambda, Cloudtrail).

2+ years experience or equivalent education building services using AWS Managed Services.

2+ years experience or equivalent education deleriving production services in a programming language and willingness to learn other languages.

2+ years experience or equivalent education working with Linux and container-based architectures : Docker, Kubernetes.

Strong track record of working collaboratively with external stakeholders to achieve project goals.

Practical DevOps knowledge, with a knack for addressing operational challenges through automation, scripting, and custom software solutions.

A strong grasp of security best practices to safeguard our cloud landscape.

An analytical approach to problem-solving, you believe the best decisions are made when they are backed by data.

Preferred :

Experience in building and maintaining golden images for virtual machines and docker containers.

Hands-on experience with infrastructure-as-code tools like Cloudformation / Terraform / SDKs.

Proficiency in the Go, Python, or Ruby programming languages.

Observability focused mindset and an analytical approach to problem-solving : you believe the best decisions are made when they are backed by data.

Demonstrated desire to learn new technologies and programming languages as our team and responsibilities evolve over time.

Familiarity with CI / CD workflows, preferably with GitHub Actions.

Experience with Kubernetes in a production environment, including the creation and use of operators.

AWS Certifications.

LI-MK10

The Poland annualized base salary range for this position is zł297,000.00-zł445,000.00. Please note that while the salary range represents the minimum and maximum base salary rate for this position, the actual compensation offered will be based on job related capabilities, applicable experience, and other relevant factors. This position may also be eligible for bonus, benefits, or related incentives that will be communicated during the offer stage.

Hybrid : In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.