Information Security Engineer

Remote, United States / Engineering – Information Security / Full-Time
At Confluent, we’re creating a category that transforms how every company manages and streams data. Have you ever found a new favorite series on Netflix, picked up groceries curbside at Walmart, or paid for something using Square? That’s Confluent in action—giving our customers instant access to massive amounts of real-time data, enabling them to thrive in an ever-changing digital world. As one of the fastest-growing enterprise companies in history, and with Fortune 100 customers across major industries, we have a tremendous opportunity in front of us. We also have experience on our side. Our leaders have taken companies of our size to major success before and include some of the original creators of Apache Kafka®.

We’re looking for self-motivated team members who crave a challenge and feel energized to roll up their sleeves and help realize Confluent’s unlimited potential. Chart your own path and take healthy risks with the backing and support of our #OneTeam culture. Be part of inclusive initiatives like Employee Resource Groups and development programs, and take advantage of benefits that support our diverse global teams. Grow as we grow—whether you’re just starting out or managing a large team, you’ll be amazed at the magnitude of your impact.

About the role:
The primary emphasis of the Security Engineer role is building tools and metrics for use by the Information Security team. Additional responsibilities include evaluating the effectiveness of existing security controls and recommending and implementing new ones. Additional duties may include monitoring security events and the current state of systems, and performing root cause analysis of security incidents. The candidate should possess an understanding of cloud security controls and architecture (AWS, GCP, Azure, etc.) along with a fundamental understanding of traditional security disciplines, including Security Design and Architecture, Threat and Vulnerability Management, Penetration Testing, and Endpoint Security.

Key Responsibilities:

    • Design and implement tools to support the information security organization
    • Define key performance indicators for measurement of information security initiatives
    • Create monitoring and reporting dashboards for use within the enterprise
    • Participate in the vulnerability management processes
    • Drive cross-team projects to completion
    • Evaluate the effectiveness of existing security controls
    • Advise business stakeholders of security risks and make recommendations for risk mitigation
    • Participate in maturing existing security controls
    • Perform tuning and automation of data feeds and response
    • Analyze potential infrastructure and application security incidents to determine whether an incident qualifies as a legitimate security breach
    • Perform security incident investigations, determining the root cause of the security incident and preserving evidence
    • Interface with technical and business personnel on other teams as required
    • Participate in knowledge sharing with other analysts and develop solutions efficiently

Required Skills:

    • Strong analytical and problem solving skills
    • Ability to manage and track multiple tasks, and work independently or in a team
    • Experience with an effective metrics and reporting program including KPI measurement
    • Broad knowledge of IT Security technologies, ideally related to Cloud infrastructure
    • Experience with Security Information and Event Management (SIEM) tools like Elastic, ArcSight, QRadar, Splunk, LogRhythm, etc.
    • Experience with security controls used to support an effective software development lifecycle
    • Experience with vulnerability scanners like Nessus, Rapid7, Qualys, etc.
    • Understanding of Kubernetes

Nice to have Skills:

    • Current security certification (OSCP, GIAC, GCIH, CISSP, or similar) strongly desired
    • Knowledge of Networking protocols and technologies, e.g. TCP/IP, Firewalls, Routers, etc.
    • Knowledge of OWASP security model and Web application security
    • Familiarity with SOC operations and controls
    • Batch Programming and Scripting skills

Come As You Are

At Confluent, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. The more diverse we are, the richer our community and the broader our impact.
