Arduino’s mission is to enable people to enhance their lives through accessible open-source electronics and digital technologies. Since 2005 millions of people from around the world starting from young kids to university students and on to people involved in every imaginable profession have been using Arduino to innovate in the fields of music, games and toys, smart homes, farming, autonomous vehicles and many more.
We are now looking for a Sr Cloud Security Engineer to join our team of expert professionals eager to share their knowledge and be part of this vibrant company’s journey towards the democratization of technology. You will be responsible for ensuring the security of Arduino Software and Cloud platforms and also for fostering awareness inside the company about security best practices.
Arduino is a technology-driven company, and you will have the opportunity to join a passionate and collaborative team, within a multinational and driven organization.
What We Offer
- A challenging career path in a rapidly growing company with a modern vision and talented teams.
- A competitive salary (and benefits) that values people's skills and experience.
- A young and inspiring work environment that encourages diversity and cultural exchange.
- Individual growth objectives with a dedicated budget for learning/training.
- Flexible working hours and working locations, we value work-life balance!
- A meaningful work opportunity in a mission-driven company committed to empowering people around the world.
And if you live near one of our offices…
- Ping pong and football tournaments (sport or gym benefit is also included for everyone!).
- Seasonal celebrations, happy hours, and everyday drinks and snacks at the office.
- Sunny rooftop lunch breaks and hamacas for relaxation and concentration.
What you'll work on
- Make sure that the data we are trusted to protect is secured to the highest standards;
- Guiding the Development and DevOps teams on Security Best Practices;
- Provide security guidance on a constant stream of new projects and technologies;
- Provide subject matter expertise on architecture, authentication and system security
- Design, implement, and manage security solutions for AWS environment through IaC technologies;
- Implement and manage standard AWS security tools including but not limited to AWS Security Hub, AWS GuardDuty, Inspector, CloudTrail, WAF, KMS, Config, IAM Access Analyzer.
- Building secure CI/CD pipelines adopting DevSecOps principles for our applications (Harness Drone, Jenkins, GitHub Actions);
- Developing internal tooling and systems that help daily work of our Development and DevOps teams, on top of Cloud services, Kubernetes, Terraform;
- Build internal tools for detecting and responding to security problems and incidents
- Monitor cloud environments for security incidents and anomalies, and respond to suspected incidents in a timely manner;
- Collaborate with Infrastructure and Application development teams to integrate security controls in the cloud using standardized configuration tools;
- Make intelligent decisions around prioritization of efforts based on risk;
- Ensure alignment and compliance with ISO 27001 and provide definition of Security policy for all the organization, including Training of company employees on security policy.
What you bring
- Bachelor or Master Degree in Computer Science or related field, or equivalent experience;
- 5+ years of experience in security engineering or comparable experience (DevOps, SRE);
- Experience in Containerisation / Orchestration with Docker and Kubernetes;
- Strong, well-rounded background in host, network, and cloud security;
- Experience in designing and definition of secure cloud native systems;
- Experience with applied cryptography including PKI, SSL, and key management;
- Expertise with modern programming languages and software versioning tools (GIT/GitHub);
- Knowledge of relevant security compliance, standards and regulations (e.g. ISO, NIST, GDPR, CIS);
- Knowledge of internet security issues and the threat landscape (e.g. MITRE ATT&CK, CVEs, CWE);
- Experience with security monitoring, incident detection and response to suspected incidents in a timely manner;
- Experience with Vulnerability Management, Threat modeling, Risk Assessment and Risk Mitigation;
- Good written and oral communication skills in English;
- Ability to work with cross-functional teams (including developers, engineers, and IT) and to explain technical concept to non-technical audience (eg training to employees);
- Skilled in problem-solving;
- Analytical skills; result oriented and continuous learning approach.
Bonus Points
- Previous experience working with Infrastructure and DevOps
- Working experience with cloud providers like AWS or GCP
- Working knowledge of Cloudflare, Auth0, Datadog
- Experience with Arduino or other microcontrollers
- Experience with hardware security
- Experience with the Go programming language
If you're excited about this role or about our company but your experience doesn't align perfectly with the points outlined above, we strongly encourage you to apply anyways. Show us the boards you designed! If in any case we feel you don’t fit for this job we may have something else for you!