Senior Security Engineer

As a member of the Security Assurance team, you’ll be responsible for maintaining (and raising) the security bar across our suite of products. We are looking for motivated, passionate experts in security engineering who have a broad base of security knowledge, but also have depth in one or more security domains.

Snowflake has multiple engagement models to support the secure development of our products. We have a decentralized, developer-driven model, as well as a centralized, embedded resource model. We need experienced security engineers to drive and support both.

Our ideal candidate wakes up each morning thinking about ways to scale security. Their goal is to lower risk while letting the business move quickly and safely. They believe Security should be an inherent property of the tools and processes engineers use every day. 

• Support scalable product security reviews by building developer-friendly processes and tools
• Design, plan, and execute projects which identify security requirements, promote the use of secure defaults, and verify the security of implementations
• Perform security code review, vulnerability impact analysis, and recommend effective risk mitigations
• Deploy and manage security automation tools, including SAST, DAST, and SCA, to catch security bugs early and provide actionable feedback to developers
• Consult with development teams to provide: design reviews, risk assessments, prioritized security requirements, and support during implementation

MINIMUM QUALIFICATIONS:

• 5+ years experience deploying services on public cloud infrastructure
• Expert understanding of software security architecture and design, threat modeling, code review, SDLC best practices, and mitigations for common application security issues
• Fluency in one or more programming or scripting languages: Java, Python, C++, Go
• Experience deploying and customizing security tools to detect threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, endpoint security monitoring, etc.
• Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
• Demonstrated ability to collaborate with other teams to achieve complex objectives

PREFERRED QUALIFICATIONS:

• 7+ years experience working in an information security discipline
• Prior experience working in a high growth, cloud native technology company
• Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
• Applied cryptography experience including: symmetric encryption, public key encryption, hashing, HMAC, TLS PKI, etc.
• Ability to write SQL queries and build dashboards, metrics, and reports to drive security outcomes
• Experience using CI/CD pipelines to perform automated security testing
• Have read and are capable of implementing ideas from “Site Reliability Engineering”, “Building Secure & Reliable Systems”, or “Engineering Trustworthy Systems”
• Contributions to the security community, such as open source tools, research papers, conference talks, etc.