Senior Cloud Cybersecurity Engineer, Tanium
IAM
$115-350k
+ Equity awards
Security and systems management platform
Job no longer available
Security and systems management platform
1001+ employees
Job no longer available
$115-350k
+ Equity awards
1001+ employees
Company mission
Tanium's mission is to provide manageability and security at scale for anything with a chip.
Role
Who you are
- Bachelor's degree or equivalent experience
- Cloud Security, IT Security, or related technical field preferred
- 5-7 years of experience in cloud security prevention, detection, response for public cloud systems (e.g. AWS, Azure) within a DevOps environment
- 5+ years of experience in building and operating cloud-based Identity and Access Management with AWS and Azure as code, including cloud organizations, account, identity, access secrets, role, and policy management for both humans and machines
- 3+ years of hands-on experience in securing identity and access controls for cloud-hosted Kubernetes clusters and their workloads (i.e. custom RBAC roles, workload identities, Open Policy, Operator Framework, Service Meshes, Hierarchical Namespaces ) with K8 service teams, preferably on AKS and EKS
- Explicit hands-on experience using infrastructure-as-code (i.e. Terraform, CloudFormation, ARM) to manage cloud IAM service configurations, such as Azure Entra ID, Azure MyApps, Azure Policies, AWS Organizations, and AWS Organizations Service Control Policies (SCP)
- Familiar with SAML2, OAuth2, and OIDC for Single Sign On (SSO) with federated identity access brokers (i.e. MyApps, Cognito, KeyCloak) for internal and external customer use
- Experience in detection engineering methodologies, such as building detection cases, proactively identify known and unknown cyber threats, advisory behaviors
- Experience in using security query or analytic tools for security data analysis, such as SQL, KQL, or SPL, to enable SecDataOps
- Build and improve IAM security playbooks and runbooks for automating security detection and response
- Solid understanding of modern attacker tactics, techniques, and procedures (TTPs) against cloud provider, Kubernetes, and open source IAM services (e.g. MITRE ATT&CK, building threat intelligence, etc.)
- Prior experience implementing and tailoring identity, authentication, and authorization security controls from ISO 27001, SOC 2, or NIST SP 800-53 security control frameworks for confidential workloads
- Utilize robust analytical and problem-solving capabilities to confirm our hypotheses using precise data and in-depth root cause investigation
- Experience using high-level programming languages (Go, Python) to produce detection-as-code, tools, and automations
- Experience managing cloud infrastructure as infrastructure-as-code (e.g. Terraform, CloudFormation, ARM, Pulumi, Helm)
- Deliver high quality PRs daily using modern software engineering development and automation tools like Git and CI/CD pipelines (i.e. Jenkins, GitHub Actions)
- Deliver quality and velocity of contributions using DevOps principles
- Relentless desire to automate the mundane to focus on solving the harder problems
- Experienced engineer who can put out fires under pressure when things go wrong in production environments and address the root causes of those fires for the future
- Has knowledge of a variety of modern backend software frameworks and the versatility to learn new tools and languages
What the job involves
- The Senior Cloud Cybersecurity (CCS) Security Engineer (IAM) will collaborate with Detection, Security, and Software Engineers to build, operate, and defend Tanium Cloud's Identity and Access Management (IAM) in AWS, Azure, and Kubernetes cloud hosting services
- You will be an integral part of the Tanium Cloud security engineering for IAM, responsible for the design, implementation, and operation of preventative and detective controls to identify, assess, and counter risks and threats before impacting Tanium Cloud
- Build and operate Tanium Cloud's Identity and Access Management (IAM) in Azure, AWS, and Kubernetes as infrastructure-as-code and policy-as-code using DevOps methodologies for multiple CCS owned cloud environments
- Design and implement our security strategy and controls with Security and Software Engineering teams for just-in-time and just-enough access for human and machine identities with Tanium Cloud services and cloud resources
- Continuously evaluate and enhance the design and effectiveness of IAM security measures and establish an ongoing program to advance our IAM security and close gaps in our defensive posture
- Proactively characterize unauthorized activity and malicious behaviors against our Tanium Cloud internal and external IAM services with Detection Engineers
- Develop tailored IAM detections and enforcement policies, perform testing, and implement automation to monitor, assess, and audit security information using SecDataOps and detection engineering best practices
- Stay up to date with the latest IAM security threats, vulnerabilities, and industry trends to proactively enhance security prevention and detection measures
- Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work
- Be on periodic on-call for triage of critical alerts from detections and systems
Our take
For millions of companies, cyber security is high on the agenda, especially as remote working has become the norm. Tanium offers a security and systems management platform that allows real-time data collection at an enterprise scale. It covers customers such as AutoNation, GoDaddy, and Whirlpool who use the company’s software to stay abreast of the ever-increasing level of sophisticated cyber attacks.
A valuable tool for enterprises and government organisations, it partners with leading platforms and service providers across the world like Google Cloud, Oracle and Verizon. In doing so, it allows security and IT teams access to accurate information on the state of endpoints, helping it to realise new levels of business resilience.
Tanium added a former US Defence Secretary to its Board in 2021. A collaboration with Salesforce provided a platform that supports IT service management, remote monitoring and management, and cybersecurity capabilities. In the same year, the appointment of CFO Mark Levine could signal an IPO in the near future.
Steph
Company Specialist
Insights
Company
Funding (last 2 of 9 rounds)
Jan 2021
$150m
LATE VC
Oct 2020
$150m
LATE VC
Total funding: $805.7m
Company benefits
- Equity awards
- Generous benefits package consisting of medical, dental and vision plan
- Family planning benefits
- Health savings account
- Flexible spending account
- Transportation savings account
- 401(k) retirement savings plan
- Business travel accident insurance
- Employee assistance programs
- Disability insurance
Company values
- We do the right thing
- We are unstoppable
- We win as a team
Company HQ
Lakeview, Kirkland, WA
Articles
Leadership
David Hindawi
(Executive Chairman)Before co-founding Tanium, David founded BigFix Inc, a systems management tool that IBM acquired, and Software Ventures, a leader in telecommunications software. They have several software patents in network communications and systems management.
Orion Hindawi
(Executive Chairman)Before co-founding Tanium with their father, David, Orion worked as the VP of Technology for BigFix, the systems management tool founded by their father. Previously served as CEO for Tanium.
Dan Streetman
(CEO, not founder)Previously served as CEO for both Allvue Systems and TIBCO. Experience as EVP of Worldwide Sales & Marketing for BMC Software and as SVP of Worldwide Alliances & Channels for Salesforce.
Share this job
View 22 more jobs at Tanium