Udemy is the world’s largest education platform with more than 30 million monthly visitors. Through our Consumer and Enterprise businesses, Udemy creates new possibilities for people and organizations everywhere by connecting them to the knowledge and skills they need to succeed in a changing world.
The Udemy consumer marketplace offers thousands of up-to-date courses in dozens of languages and provides the tools learners and instructors need to achieve their goals and reach their full potential.
For companies, Udemy Business (UB) offers an employee training and development platform with subscription access to thousands of courses, learning analytics, as well as the ability to host and distribute their own content. Our enterprise platform is among the fastest growing SaaS businesses in the world. UB has more than 10,000 customers and serves the majority of the Fortune 100.
We are proud to be recognized for our world class employee experience:
Business Insider SF: Best Places to Work Bay Area
Built In Colorado: Best Places to Work
Best Workplaces (Great Place to Work List): #1 in Turkey #5 in Ireland
Certified Best Place to Work: Dublin for Women
Fortune: Change the World Company
Udemy is headquartered in San Francisco with hubs in Ankara, Turkey; Austin, Texas; Boston, Massachusetts; Mountain View, California; Denver, Colorado; Dublin, Ireland; Melbourne, Australia; New Delhi, India; and Sao Paulo, Brazil.
The Information Security team is looking for an experienced Senior Security Engineer to assist with the execution and continued development of the information security program.
The Senior Security Engineer will be responsible for improving tools and processes, automating routine tasks, improving system reliability, and providing engineering support for day-to-day security operations. The candidate will report to the Director of Information Security, work cross-functionally, and support personnel on technical and non-technical security risks.
- Build, secure, and maintain the overall security for cloud environments, such as AWS.
- Integrate security automation and scripting tools (Terraform, Ansible, etc.) to support security infrastructure, maintenance, and configuration management.
- Support cross-functional teams to securely build infrastructure-as-code early in the continuous integration/continuous delivery (CI/CD) pipeline; shift-left security.
- Manage security alerts, participate in on-call rotation, respond to security incidents, lead technical investigations, and perform evidence acquisition.
- Conduct security assessments, oversee vulnerability management, manage penetration tests, and provide remediation guidance for timely mitigation of application and system weaknesses.
- Perform SIEM monitoring and analysis of system, application, and user exploitation attempts.
- Respond to compliance requests by collecting, analyzing, and interpreting audit evidence.
- Perform technical security reviews for new product and technology implementations.
- Stay up to date with the latest security developments and security trends to continually improve internal processes.
- 5 - 10 years experience working in security engineering and operations roles.
- 3 - 5 years experience working with containers and Kubernetes/EKS environments.
- Possess the ability to contribute application code to automate security operations tasks using Terraform and Ansible.
- Experience with branching strategies in Git and experience creating jobs and pipelines in CI/CD tools.
- Extensive experience with scripting languages (Python, Bash).
- Extensive experience in regulated environments subject to security governance and compliance frameworks such as PCI-DSS, SOC 2, Sarbanes-Oxley, and Fedramp.
- Experience working with Cloud Service Provider platforms such as AWS and the tools used to manage day-to-day activities.
- Experience with security automation & scripting, Vulnerability Management tools, Single Sign-on (SSO) solutions, Security Information and Event Management (SIEM) systems, Enterprise Detection & Response (EDR/NGAV) solutions, WAF/IDS/IPS/Firewall systems, Incident Response and Forensics, Application Security & Penetration Testing, and SDLC concepts.
- Knowledge of common network and security concepts and protocols (zero-trust, SSH, encryption, Identity and Access Management, segmentation, defense-in-depth, security architecture, etc.)
- College Degree and ISC2, ISACA, GIAC, or other relevant industry certifications, or equivalent work experience
- Operational security experience in a Software-As-A-Service and/or education-focused organization