Member of Technical Staff – Cloud Security

ABOUT WIND RIVER 

Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.  

Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world.  Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We’ve achieved recent 5G milestones including the world’s first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. 

The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world. 

 
YOUR ROLE

As a Member of Technical Staff on our team, you’ll focused on implementing modern DevSecOps technologies, pioneering new security tools, processes and capabilities for cloud-native solutions.

The candidate must have experience in securing cloud-native development environments and be a highly adaptable team player who can quickly ramp up on new technologies and accomplish goals in a fast-paced agile environment. A combination of strong technical and communication skills is a must, along with an unbounded desire to learn new technologies and their application.

In your daily job you will:

• Secure OnPrem and Public Cloud environments leveraging IAC
• Establish, implement security policies for Docker, K8s and Public Cloud Platforms
• Implement and automate Application Security policies by embedding SAST, DAST, API Security and Penetration Testing in the product development workflow
• Accelerate container security with pipeline development
• Drive vulnerability management and remediation in partnership with various product teams
• Manage and maintain secure integrations between tools like Gitlab, Jenkins, JIRA, and many more.
• Implement solutions for event log collection and SIEM.

HOW YOU WILL CONTRIBUTE 

Key skills and competencies for succeeding in this role are:

• Expertise in cybersecurity principles with a desire to increase knowledge and strong analytical skills.
• Experience in Architecting security features on cloud providers (Azure AWS, GCP etc.), On Prem and Hybrid environments.
• Hands-on experience using tools like Coverity, BurpSuite, ZAP, Trivy, PRISMA Cloud, Tenable, Rapid7 etc.
• Working experience designing and implementing Application, network, back-end security-enhancing features
• Deep knowledge of vulnerability management, remediation, and troubleshooting skills
• Security penetration testing & threat modelling would be a plus.
• Industry standards-based documentation, certification, and accreditation such as NIST SP 800-53, NIST 800-171, FEDRAMP, and Security Technical Implement Guides (STIGs) and bringing components into compliance with these standards
• Strong foundation of DevSecOps principles, Infrastructure as Code including Terraform and Helm

,Container and Cluster hardening

• Excellent programming skills using Python, Go etc.
• Proficiency in pipeline automation leveraging Gitlab, Jenkins, Jira etc.
• Secrets Management leveraging Hashicorp Vault is a plus
• Experience with Agile and Scrum
• Self-managed, fast learner, and strong problem-solving skills.
• Excellent verbal and written communication skills and a good listener.
• Exceptional team player who works well in collaborative situations.
• Ability to brainstorm and represent competing ideas simultaneously.
• Growth mindset who is passionate about learning and applying new technologies.
• 8+ years of relevant technical experience in cybersecurity with 2+ years of experience in software engineering.
• BE / MTech degree (Computer Science, Electronics Engineering, or equivalent technical degree)

SECURITY CLEARANCE REQUIREMENTS  

Successful candidates must engage in a security clearance process in regard to their citizenship in order to perform fundamental job duties, as per applicable law. In particular, candidates with certain citizenship may not be able to perform such fundamental job duties. Currently, this includes citizens of the following countries: Belarus; Burma; China; Cuba; Iran; North Korea; Syria; Venezuela; Afghanistan; Cambodia; Central African Republic; Cyprus; Democratic Republic of Congo; Ethiopia; Eritrea; Haiti; Iraq; Lebanon; Libya; Russia; Somalia; South Sudan; Sudan; Zimbabwe. The security clearance process may take a significant amount of time to complete, and any offer of employment will be contingent on the candidate's legal ability to perform the fundamental job duties. Wind River is committed to meeting its obligations to candidates under applicable human rights law and privacy law in this regard.

[