Careers

Location

Long Beach, CA, US

Company Website

Who we’re looking for:

The Zwift InfoSec Team is looking for a Security Engineer to help build and grow security operations within acquired service teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. You will lead security due diligence efforts, plan security integration, and execute efforts for M&A acquisitions. You will partner with key project stakeholders to identify key security issues, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention. Security Engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security concepts are considered. 


Successful Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, the ability to influence people from customers to managers through technical solutions, and the desire to be an individual contributor to securing Zwift’s platform and system/services technology.

The Zwift InfoSec Team is responsible for the security and availability of all services offered by Zwift, as well as providing security support for teams leveraging those services. The Zwift InfoSec team works with service teams to design and build secure solutions, participate and coordinate cross-organization security initiatives, and solve security challenges at scale. This is an exciting and visible role – you will directly influence the security postures for Zwift products and services. 


What you'll do:



  • Work with Engineering teams across Zwift to provide scalable vulnerability management and assessment procedures and provide application security reviews.

  • Collaborate with Engineering teams across Zwift to build secure and scalable containerized architectures in the cloud.

  • Implement information security controls and patterns that support risk assessments and the development of secure architectures.

  • Collaborate with engineering teams to drive product roadmaps, by providing security requirements that map security controls to service features.

  • Identify and mitigate risks throughout our corporate and production environments.

  • Provide continuous technical support and escalation management for security related issues throughout Zwift.

  • Identify opportunities for process improvement, including the development and implementation of internal security tools, tactics, and procedures.

  • Provide security awareness training and outreach to internal development teams.

  • Provide security related guidance and documentation.


What we’re looking for:



  • Bachelor's Degree in Computer Science or a related field (or 5 years equivalent experience)

  • Minimum of 2+ years of progressive security architecture experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.

  • 2+ years of hands-on experience operating and securing container based infrastructures.

  • 2+ years of application security experience designing, building or testing web and API-based architectures.

  • 2+ or more years of related experience in Information Security, Cybersecurity, Identity and Access Management (IAM) and/or Information Technology to include accountability for complex tasks and/or projects.

  • 2+ years of experience working with stakeholders across many functions.

  • 2+ years of experience in Security Engineering, DevOps or IT Operations roles, strong familiarity with the principles of DevOps and Agile development.

  • 2+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).

  • Understanding of security vulnerabilities, attacker exploit techniques and methods for remediation of such.

  • Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.) is a strong plus.

  • Excellent understanding of docker and container orchestration with kubernetes and experience running production kubernetes clusters in Amazon EKS, Google GKE, or similar managed platform.

  • Experience implementing and leveraging centralized logging and monitoring solutions such as elasticsearch, kibana, fluentd, influxdb, prometheus, grafana, pagerduty, etc.

  • Experience communicating technical concepts to a non-technical audience.

  • Demonstrated experience in areas such as system security, network, and/or application security experience.

  • Understanding of best practices in one or more security engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.

  • Experience with scripting and automation (Python, Go, JS, C, C++, Java, Ruby, or PowerShell)

  • Socially confident with good organization, communication and presentation skills.

  • Self-starter with good analytical skills and a proactive approach to problem-solving.

  • Prior working experience in or with a Software Development or Security Consulting Team is a plus.


How to stand out among the rest:


Your resume is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.


Values:


Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong.  Only then can they thrive and do their best work.  The values we strive to live every day are:



  • Make It Fun

  • Elevate Teammates

  • Cultivate Our Community

  • Always Level Up

Apply now