Cloudera

Compensation

Full Description

Business Area: Engineering Seniority Level: Mid-Senior level Job Description: At Cloudera, we empower people to transform complex data into clear and actionable insights. With as much data under management as the hyperscalers, we're the preferred data partner for the top companies in almost every industry. Powered by the relentless innovation of the open source community, Cloudera advances digital transformation for the world’s largest enterprises. Staff DevSecOps Engineer Are you passionate about building a robust security platform that seamlessly integrates security into every phase of the software and infrastructure lifecycle? Do you want to lead the adoption of advanced DevSecOps practices, influence product design at the earliest stage, and get your hands dirty implementing sophisticated, highly automated security tooling for multi-cloud and on-prem environments? Great, we've got the position for you! Cloudera is looking for a Staff DevSecOps Engineer with deep expertise in multi-cloud and on-prem security engineering to join a unique blended team. Bringing both security platform development knowledge and application security know-how, you and our highly collaborative team will play a crucial role in building the security platform that underpins all of Cloudera’s products. In this role, you will be a core member of our Product Security (ProdSec) Platform team charged with engineering, deploying, maintaining, and operationalizing our internal security platform providing self-service tools to enable product teams to build and deploy securely by default. You will work as a critical part of our product security development process, driving change at the design stage through automated governance and providing consultation on how to leverage the platform's capabilities. Our goal is to shift security left by building a mature, automated platform that reduces security toil for developers & security staff by allowing them to focus on innovation while ensuring security by design. You will be instrumental in identifying product security pain points and solving them with scalable, platform-based solutions, driving a cycle of continuous improvement across our product portfolio. We’re looking for individuals who want to redefine how security is delivered in a high-velocity engineering organization. You will have the opportunity to teach and learn from Kubernetes trailblazers and help blaze new paths for those following behind you. As a Staff DevSecOps Engineer, you will: Design, develop, and deploy self-service security tools and services that constitute the internal security platform. Lead complex security projects, including end-to-end ownership of tool development and the creation of new security capabilities within the platform. Automate and integrate security controls into CI/CD pipelines (SAST, DAST, SCA, IAST, etc.) and developer workflows. Lead the architecture and deployment of secure multi-cloud environments (AWS, Azure, GCP) using Infrastructure as Code (e.g., Terraform, Ansible). Perform security architecture reviews of new products and features, develop threat models, and provide security-as-code best practices. Collaborate with the Site Reliability Engineering (SRE) team to embed & maintain automated monitoring and security visibility into production systems. Collaborate with internal security teams to support compliance, incident response, and operational security requirements. Develop, refine, and drive the adoption of security engineering best practices and standards across the organization. Evangelize the use of security platform tooling and deliver high-impact DevSecOps training and outreach to internal development & engineering teams. Mentor junior members of the Security team and security advocates in advanced DevSecOps principles, platform engineering, and secure coding practices. We’re excited about you if you have: Proven experience designing, developing, and deploying security tools and services (e.g., security scanners, secrets management, policy engines) used by other engineering & security teams. Expertise in DevSecOps principles and practical experience implementing security controls in CI/CD pipelines (e.g., Jenkins, GitLab CI, GitHub Actions). Deep experience with large-scale cloud security engineering in AWS, Azure, and Google Cloud, including automated network provisioning and secure configuration management. Experience with code review of one or more programming languages (Java, Python, Go, JS/TS). In-depth knowledge of Kubernetes operations, security, and using tools like Helm for deployment and policy enforcement. Expertise in Infrastructure as Code (IaC) & configuration management tools like Terraform, Cloudformation, or Ansible. Demonstrated experience with security tools and platforms, including HashiCorp Vault for secrets management, Splunk for security monitoring and analytics, and CrowdStrike or similar EDR solutions for endpoint security. Deep understanding of web service frameworks, distributed architectures (event-driven, microservices, serverless), and their corresponding security challenges. Experience performing security reviews, developing and reviewing threat models, and conducting risk assessments against complex distributed systems. Security certifications (CISSP, CISA, etc.) are a bonus but not required. Familiarity with Cloudera’s products or other distributed computing systems is a strong bonus, or a willingness to dig into our products to truly understand how they work. This role is not eligible for immigration sponsorship. What you can expect from us: Generous PTO Policy Support work life balance with Unplugged Days Flexible WFH Policy Mental & Physical Wellness programs Phone and Internet Reimbursement program Access to Continued Career Development Comprehensive Benefits and Competitive Packages Paid Volunteer Time Employee Resource Groups EEO/VEVRAA #LI-MH2 #LI-remote It has come to our attention that job seekers have been contacted about fake job opportunities with Cloudera from individuals fraudulently posing as Cloudera employees. These recruiting fraud schemes often include requests for personal information and payments. Be aware that Cloudera will never request a payment as part of its recruitment process. Additionally, Cloudera will never make a job offer without conducting an interview process. Any information submitted to Cloudera in relation to a job application should only be through our official career portal https://www.cloudera.com/careers.html Email communications from Cloudera will come from an email address ending in @cloudera.com. If you are the target of a recruiting scam, consider filing a report with law enforcement authorities. Cloudera is not responsible for fraudulent job offers and/or any claims, damages, expenses, or other inconvenience connected to recruiting scams. For information on Cloudera's Candidate Privacy Notice, click here. If you have any questions about our privacy practices, please contact us at privacy@cloudera.com. EEO/VEVRAA If you need assistance with applying for a position, please email our office at talentacquisition@cloudera.com.