Cloud Security Engineer
Our security team defends the products, data and systems that power Chainalysis. We are committed to building a diverse team of builders, breakers and shapers to address complex security problems in a novel, exciting space.
Chainalysis Cloud Security Engineers are good problem solvers, automaters, and collaborative in nature. We measure success by how you are able to level up and increase the maturity of the Chainalysis cloud security footprint throughout the development lifecycle.
In one year you’ll know you were successful if…
- You have built a framework and implemented tooling to continuously analyze the security profile of our cloud applications and infrastructure (i.e Guardrails around IAM, cloud misconfigurations and policy violations, terraform security modules) in an automated fashion enabling developers to deploy code securely.
- Have a deep understanding of our Cloud Security posture and footprint through logging, metrics, and tooling.
- Implemented preventative and corrective security automation in our DevOps pipeline making security out of the box a reality for new and upcoming deployments.
A background like this helps, but isn’t entirely required:
- Integrated open source security tools into a DevOps pipeline (Terraform Linting, IAM Access Analysis, Cloud Security posture assessment)
- Experience with the AWS Security Suite of Tools (GuardDuty, SecurityHub, Control Tower, Firewall Manager, etc)
- Deployed and managed AWS Security with tens or hundreds of accounts, using AWS Organizations and Service Control Policies (SCPs)
- Implemented multi-account log aggregation, event management, threat hunting, and incident response
- Proficient with secrets management (Hashicorp Vault, AWS Secrets Management, KMS, chamber, etc)
- Developed custom Terraform modules or submitting pull-requests for Terraform security fixes
- Built, integrated, and maintained AWS SSO (Okta, Ping, or Onelogin).
- Performed cloud architecture design reviews and threat modeling for new initiatives
- DevOps and CI/CD tooling and frameworks (Jenkins, Ansible, CircleCI, TravisCI, etc)
- Built and/or influencing a DevSecOps workflow for engineering teams
- Worked in regulated environments (PCI, SOX, SOC 2, ISO 27K)
At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.
You belong here.
At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Juneteenth, Harvey Milk Day, and International Migrant’s Day, and a commitment to continue revisiting and reevaluating our diversity culture.
We encourage applicants across any race, ethnicity, gender/gender expression, age, religion, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.
Applying from the EU? Please review our Candidate GDPR Notice.