Product Security Engineer - Vulnerability Management
Chainalysis · Posted: May 18, 2023 · Remote
About the position
Chainalysis is seeking a Product Security Engineer with experience in application, cloud, or infrastructure security to join their team. The candidate should have a strong understanding of cloud security best practices and application security principles, and be able to communicate and collaborate effectively. The role involves identifying and managing vulnerabilities within the organization's product portfolio across cloud and application environments, ensuring the security and integrity of their solutions in the blockchain industry.
Responsibilities
- Proactively identify, assess, and prioritize security vulnerabilities in cloud and application environments, and manage them through the remediation process
- Manage and optimize vulnerability management tools such as Tenable, Lacework, and JFrog, ensuring their effective use and alignment with security requirements and best practices
- Develop and maintain meaningful security metrics for vulnerability management tools such as Tenable, Lacework, and JFrog, to evaluate their effectiveness and alignment with security requirements and best practices
- Perform container image scanning to identify and remediate vulnerabilities in containerized applications, ensuring only secure images are deployed
- Conduct instance OS scanning to detect and address vulnerabilities in operating systems running on virtual machines or cloud instances, maintaining infrastructure security and compliance
- Establish and maintain container image and instance OS scanning policies and procedures, ensuring alignment with security requirements and best practices
- Collaborate with development, operations, and security teams to integrate container image and instance OS scanning into CI/CD pipelines, promoting a proactive approach to vulnerability management
- Continuously monitor and report on the effectiveness of container image and instance OS scanning efforts, providing actionable insights and recommendations for improvement
- Provide support to internal users of security tools and promptly respond to security-related concerns across the organization
- Experience with vulnerability management tools such as Tenable, Lacework, and JFrog
- Experience with AWS cloud security best practices
- Experience with Containers and Kubernetes in AWS
- Experience with Patch Management and Configuration Management Tools, including AWS SSM or Ansible
- Experience with Bash and/or Python Scripting to automate various tasks, including patch management, repetitive tasks, data collection, security audits, and compliance checks
- Experience with Linux operating systems, including the ability to understand and analyze system components to identify and remediate vulnerabilities
- Familiarity with Linux package management systems to effectively manage software updates, patches, and dependencies
- Experience with container scanning using JFrog Xray, including configuring and managing policies, integrations, and security rules for vulnerability detection and remediation in container images
- Experience with JFrog Artifactory and its integration with JFrog Xray for comprehensive artifact management and security
Requirements
- Proactively identify, assess, and prioritize security vulnerabilities in cloud and application environments
- Manage and optimize vulnerability management tools such as Tenable, Lacework, and JFrog
- Develop and maintain meaningful security metrics for vulnerability management tools
- Perform container image scanning to identify and remediate vulnerabilities in containerized applications
- Conduct instance OS scanning to detect and address vulnerabilities in operating systems
- Establish and maintain container image and instance OS scanning policies and procedures
- Collaborate with development, operations, and security teams to integrate scanning into CI/CD pipelines
- Continuously monitor and report on the effectiveness of scanning efforts
- Provide support to internal users of security tools and promptly respond to security-related concerns
- Experience with vulnerability management tools such as Tenable, Lacework, and JFrog
- Experience with AWS cloud security best practices
- Experience with Containers and Kubernetes in AWS
- Experience with Patch Management and Configuration Management Tools, including AWS SSM or Ansible
- Experience with Bash and/or Python Scripting
- Experience with Linux operating systems and package management systems
- Experience with container scanning using JFrog Xray and Artifactory integration
Benefits
- Great benefits
- Professional development opportunities
- Fun work environment
- Diversity and inclusion initiatives
- Accommodations for applicants with disabilities
- Contacting former employers for employment references