Senior Security Engineer, Big Data Container Platforms

Key Skills

Azure, Bitbucket, Continuous Integration & Continuous Delivery - CI/CD, DevOps, Github, GitLab, Java Programming, Jenkins, Python Programming

Job Description

Big Data Infrastructure and Engineering is actively seeking motivated individuals with a strong background in Kubernetes platform security and DevSecOps methodologies to join our team as a Senior Security Engineer. In this role, you will play a crucial part in ensuring the security and integrity of our Big Data Edge Compute Platform (BDECP), which serves as one of the primary compute engines for GM's data pipelines.

BDECP is a cutting-edge shared services platform that is built upon a solid Kubernetes foundation. It lies at the heart of GM's digital transformation initiatives, providing essential support for Artificial Intelligence, Machine Learning, Mobility, and Vehicle Streaming applications. With its rapid growth, BDECP comprises both CPU and GPU compute clusters, offering a diverse and dynamic environment for innovation.

As a Senior Security Engineer, you will be responsible for implementing robust security measures and best practices within the BDECP ecosystem. This includes designing and implementing security controls, conducting vulnerability assessments and penetration testing, and collaborating with cross-functional teams to ensure compliance with industry standards and regulations. Your expertise in Kubernetes platform security and DevSecOps methodologies will be crucial in safeguarding our platform from potential threats and vulnerabilities.

You will be responsible for platform hardening, ensuring tenant applications are architected securely, advancing platform architecture with security as the core tenet and refining our devsecops methodologies to continue to incorporate security earlier in the lifecycle (shift left). You will bring your strong experience in public cloud security to on prem solutions to develop and deploy secure platform capabilities and features. In order to improve our security posture and compliance, you will need to collaborate with platform, enterprise security and application teams and be able to influence without direct authority. An integral part of day to day job of the platform security engineer will also be responding to incidents, problem tasks and driving them to resolution.

• Be able to develop pragmatic solutions to security engineering problems and vision presented by management, own it and implement it end to end
• Design, develop and deploy platform services for security in the areas of network, perimeter, API, secrets & configuration management and AuthNZ
• Analyze proposed application architecture and data flows to identify security concerns and support architecture changes and/or provide solutions
• Implement best practices for identity and access management in a shared multi-tenant Kubernetes environment
• Contribute to security incident and event management solutions, develop alerts & dashboards, operationalize
• Conduct proofs of concept for evaluation and adoption of new security tools & technologies
• Assess performance impact of security solutions and optimize, mitigate as appropriate
• Triage, diagnose and remediate platform related issues as well as support customer issue resolution
• Ensure compliance with enterprise security policies and procedures

Skills and Experience:

• At least seven to eight years of hands on, job related Kubernetes experience with a combination of platform engineering, security implementation and docker based application development
• More than ten years of progressive engineering experience in Information Technology
• Minimum two years of experience with Kubernetes in public cloud such as Amazon EKS, Google GKE or Azure AKS with emphasis on security
• Experience with commercial Kubernetes distribution such as OpenShift, Rancher, Mirantis, Tanzu and their security practices is a plus
• Experience with secure configuration of Kubernetes network services including ingress, software load balancers and nodeports
• Demonstrated knowledge of containerized application development using CI/CD methods and toolsets (e.g. Jenkins, Azure DevOps; Github, Gitlab, Bitbucket etc.)
• Experience with container security solutions such as Aqua, Twistlock or Sysdig Secure
• Experience with Kubernetes secrets, SSL certificates and SSH key management
• Experience with Kubernetes federated authentication model using OIDC, associated toolsets and directory authentication (Active Directory, LDAP, Dex, Gangway)
• Experience with logging & monitoring solutions (ELK, Prometheus, Grafana etc.)
• Understanding of cloud security and CASB products & technologies
• Experience with service automation and infrastructure as code using technologies such as Chef, Ansible or Terraform
• Knowledge of software defined storage, networking and how to configure them for K8s services & deployments
• Knowledge of Linux file system hierarchy, package management, command line interface and bash scripting.
• Some development experience with Python, Java, or other programming languages
• Ability to multi-task and work collaboratively as part of a cross functional team
• Bachelor’s degree in Computer Science or Engineering. Master’s degree is viewed favorably.
• Some level of certification in open source, cloud or commercial Kubernetes distributions (examples – Kubernetes Administrator, Kubernetes Security Specialist) is desirable
• Information security certification such as CISSP, CISA etc is nice to have but not required
• Strong written and verbal communication skills with ability to tailor messaging to the audience

Hybrid:

Position does not require an employee to be on-site full-time but the general expectation is that the employee be onsite an average of three (3) days each week.