Founded in 2014 by engineers from Google, Facebook and Oracle, Rubrik has created a cloud data management platform that’s transforming how companies back up, restore, search, analyze and manage data both on-prem and in the cloud. Blending expertise from consumer and enterprise worlds, we’ve introduced a new, simple approach to the $48 billion legacy data backup and recovery market -- a space that hasn’t seen innovation in 20+ years. This is the reason Rubrik has raised over $292 million in funding from Silicon Valley’s top VCs and is growing faster than Arista Networks, Palo Alto Networks and Workday combined. At only five years old, we’re just getting started and have very ambitious goals.
Where can you make an impact?
Rubrik is seeking a Product Security Engineer. In this role, you will help mature our product security initiatives to drive security outcomes in the development process. You will partner with internal stakeholders and implement modern security processes and technologies to further integrate security into the development lifecycle.
- Partner with engineering teams across Rubrik to create secure application and deployment architectures utilizing threat models and risk analysis documentation
- Define policies across the organization for secure software development activities within hybrid cloud environments
- Work with development teams, operations, governance, and other stakeholders to draft security standards and implement monitoring to adhere to those standards
- Integrate and/or build security tools for integration in the CI/CD and build processes and work with development teams to mitigate findings
- Support incident responders in analyzing applicable threats, vulnerabilities, controls and residual risks
- Analyze and harden existing applications, infrastructure, automation, and deployment processes
- Conduct internal penetration testing and coordinate external penetration tests and bug bounty programs
- Coordinate with security researcher community for submitted vulnerabilities and issues
- Bachelor’s degree required; BS or MS in Computer Science, Information Technology, or a related field
- 6+ years’ experience in application security, with experience across SDLC activities such as threat modeling, secure code review, vulnerability management, and penetration testing
- Broad knowledge of web, application, and cloud attack vectors and exploits
- Subject matter expertise in applied key management, certificate management and cryptography
- Deep understanding of authentication and authorization concepts and protocols including IAM, mTLS, OAuth/OIDC, and SAML
- Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
- Experience with deploying and securing SaaS applications and cloud environments at scale
- Working experience with CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices
- Experience coordinating penetration testing / bug bounty programs and assisting with remediation
- Knowledge of regulatory guidelines and standards such as SOC2, ISO 27001, FedRAMP, etc.
- Understanding of application security maturity model frameworks and how to apply them
- Strong written and verbal communication skills
Rubrik provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Rubrik complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.