Security Engineer

Department:

Engineering

Location:

Portland, OR or Remote, US

 

Acquia, is transforming the digital strategies of companies all over the world with our open cloud platform. We are passionate and relentlessly committed to helping our clients create digital experiences that are more relevant, personalized, and built for a fast-changing, always-connected, mobile-first world. Headquartered in the US, we have been named as one of North America’s fastest growing software companies as reported by Deloitte and Inc. Magazine, and have been rated a leader by the analyst community and named one of the Best Places to Work by the Boston Business Journal. We are Acquia. We are building for the future of the web, and we want you to be a part of it.

Acquia is looking for an experienced software security engineer or a cloud software engineer with a security mindset to work across Acquia's products in collaboration with Acquia's engineering, operations and corporate security teams.  Although we run PHP & MySQL at a massive scale for our Drupal customers, on the backend we’re building scalable systems, automation and stack enhancements in everything from Ruby to PHP to Go, and storing data in everything from MySQL to DynamoDB.  All this is in the part of the overarching goal to be the best place in the world to run Drupal websites.
 
You will perform security code reviews, work closely with other Acquia software engineers to enhance our platform security, meet compliance requirements, and build new security features. You will also support and audit application and infrastructure vulnerability tests on a wide variety of Acquia products. Top candidates will enjoy analyzing software designs and implementations from a security perspective and will be experienced at discovering subtle security issues that appear under unexpected threat scenarios.
 
Responsibilities:
  • Serves as a Subject Matter Expert (SME) in the field of application security.
  • Perform security testing and design reviews.
  • Advocate security, secure design, and coding practices throughout Acquia.
  • Collaborate with engineering teams to implement customer-facing security features.
  • Maintain strong knowledge of common security vulnerabilities, attack vectors, and remediation techniques.
  • Develop technical solutions to help mitigate security vulnerabilities.
  • Drive security requirements through designing and building prototypes and / or proofs of concept.
  • Deliver design documents and creating user stories.
  • Evaluate, implement, and support security-focused tools and services.
  • Execute projects effectively and efficiently.
Desired Skills and Experience:
  • 5+ years experience practicing secure software development and architecture.
  • Experience working on code reviews, pen-tests, or similar projects.
  • Strong Object Oriented Programming experience with a scripting language such as Ruby, Python, PHP, etc.
  • Passion for websites and website delivery architecture.
  • Deep, working knowledge of LAMP stack--OS, web server, and database systems.
  • At least 5 years experience in cloud and/or security architecture and in SaaS services including APIs.
  • Knowledge of a broad range of attack vectors and exploits.
  • Experience deploying and using open source and commercial security development and testing tools.
  • Excellent technical documentation skills.
  • Results driven, creative, professional, persistent, quality oriented, and self-motivated work style.
  • Flexibility to the needs of the business.
  • High volume log collection and analysis experience a plus.
  • Experience as an open source project contributor a plus.
  • Experience with Drupal a plus.

Acquia is an equal opportunity (EEO) employer. We hire without regard to age, color, disability, gender (including gender identity), marital status, national origin, race, religion, sex, sexual orientation, veteran status, or any other status protected by applicable law.