What You Will Work On
- Functioning as a lead security engineer to ensure security proofing and compliance of our software systems, applications and services in cloud and on-premise
- Enable effective security testing of Markforged’s software applications, APIs and IoT capabilities
- Develop technical solutions to mitigate security threats, vulnerabilities and risks
- Conduct security threat-modeling, risk assessment and execution of treatment plans
- Develop and maintain our AWS access control, IAM policies and Key Management
- Perform software deliverable security reviews, code scanning and release sign-off
- Develop security tools and support penetration testing
- Monitor and communicate potential security risks, impacts and solutions to engineering and product teams
- Web application security; general web app protections and behaviors, WAF, implementations, responding to behavioral anomalies, and proactively securing a large and dynamic application perimeter
What We Look For
- BS/MS in Computer Science or related field, or equivalent work experience
- 5+ years experience across secured web applications, cloud services security, static code analysis, cryptography and system-level security
- Strong cyber-security experience with a major cloud provider ecosystem (Amazon AWS/Microsoft Azure/Google) (Ex: IAM, KMS)
- Experience in security topics - access control, configuration, vulnerability analysis, logging and monitoring
- Experience with SOC2 compliance and ISO certification
- Familiar with Auth, SSO solutions, and authentication & authorization solution best practices
- Experience in implementing security tools, methods and procedures that made security realistic and integrated into software development and deployment processes
- Experience with log management and monitoring tools, including cloud native tools, is strongly desired.
- Ideal candidate should be able to aggregate, correlate, and report on logs and metrics, use them for detecting anomalous or risky behavior and triggering automated actions or alerts.
- Familiarity with common exploits, such as XSS, SQL, Injection, DOS, man in the middle, and buffer overflows, as well as how to detect them and protect against them
- Solid interpersonal, written, and oral communication skills and ability to effectively work in an agile team
Markforged values the differences among our employees and provides equal employment opportunities to all employees and applicants for employment. These differences include but are not limited to race, color, ancestry, national origin, gender, sexual orientation, marital status, religion, age, disability, gender identity, results of genetic testing, or service in the military. This goal emphasizes the development of inclusive work environments that capitalize on each employee’s skills, experience, and unique perspectives as we strive to achieve an unparalleled standard of excellence. To all recruitment agencies: Markforged does not accept agency resumes. Please do not forward resumes to our jobs alias or Markforged employees. Markforged is not responsible for any fees related to unsolicited resumes.