Thinking Machines is a data science startup. Our vision is for the Philippines to become a global hub for data science. To do that, we create data science cultures, one organization at a time. We’re a company made up of intellectually curious, civic-minded, forever-learning individuals. We believe that great data science products are built with care for people and that the best way to drive inclusive innovation is to start with a diverse team.
Our field of work is incredibly dynamic, so we want to work with people who are committed to growing with us. We want to hire people who can demonstrate an ability to learn, then provide them with personalized coaching, growth opportunities, and a great working environment to bring their skills to the next level and develop world-class talent.
As a data science consultancy, we regularly deal with tons of data from clients in various industries. Some of this data is more sensitive than others, which means a greater risk when this data is being stored and transmitted. As a Cloud Security Engineer , it’s your duty to ensure that each project meets the appropriate level of digital security required for the nature of its data and infrastructure. This means providing advice for cloud architecture, network configuration and monitoring, and enabling the proper management of secrets, among other responsibilities. This also entails facilitating periodic audits of code and application security at certain points in the project lifecycle.
We also have many employees communicating via various channels and collaborating remotely using multiple tools. It’s your responsibility to make sure that these channels, tools, and integrations meet our privacy and security standards. This means vetting new applications and adjusting to any changes to existing ones.
The world of digital security is ever-changing, and it’s your job to stay updated with the latest best practices and vulnerabilities. You should identify any weaknesses in our extant or upcoming systems and formulate plans to address them in a timely manner. You should also create and disseminate new policies as you see fit, dissolve outdated policies, and educate new and existing employees about how to protect themselves from malicious actors in cyberspace.
Lastly, you should help build and maintain our suite of in-house security monitoring tools that helps us respond to any incidents flagged in real time. You must also proactively and continuously monitor and hunt for potential threats and breaches, creating rules and alerts to detect insecure configurations and malicious activity. You are expected to know how to write code and clear documentation to make it easier to monitor compliance (your job) and comply with security policies (your colleagues’ jobs).
Your day-to-day tasks may look something like this:
Respond to incident alerts and coordinate with the relevant engineers to address them
Review technical proposals for possible lapses in security
Audit a project’s codebase for application security
Assist your teammates with setting up secret management, firewall rules, etc. and monitoring that secure configuration is maintained
Review requests to integrate services into tools like Slack and GitHub
Manage and monitor access control to various services and credentials, including IAM and groups.
Draft, update, document, disseminate, and deprecate security protocols
Conduct a digital security onboarding session for new employees
Write or improve code for monitoring and compliance tools
Create mechanisms to alert upon detection of any security threats or infrastructure misconfiguration
Read up on news and developments in digital security
We are looking for someone who has the following traits:
Eye for detail - Should be able to detect security gaps in architectures and their implementation
Thorough - Should be able to review technical documents from cover to cover and follow through with any security incidents
Process-oriented - Must be able to design and implement security processes and protocols with minimal supervision
Pragmatic - Should be able to weigh risks against mitigation efforts and prioritize focus as necessary
Proactive - Must have the initiative to pinpoint areas for improvement and look for hidden vulnerabilities
Independent learner - Must be capable of learning new tech stacks as necessary to know potential risks and secure configurations
Strong grasp of networking principles, protocols, and best practices
Strong grasp of cryptographic algorithms, tools, and best practices
Can set up new tools for monitoring and compliance
Can build in-house tools from scratch (shell scripts, Python, etc.)
Solid written and verbal communication skills, capable of writing clear documentation for security protocols and reports
Familiarity with common security standards and compliance checklists
Experience with cloud security platforms (e.g. GCP Security Command Center)
Certifications for cloud security engineering or similar topics
Experience with purging secrets from git repositories
We offer the following compensation and benefits:
Competitive salary — the compensation amount is positively correlated with the difficulty of the job, relevant experience, fit, and skill factors.
Fully remote — due to the global pandemic, we have shifted to a fully remote company for the foreseeable future while we monitor the situation.
Individual professional development budget— an annual budget for conferences, training courses, books, and software is available to sharpen your skills and build new ones to help you grow in your role.
Full health benefits — generous health insurance package