Principal Security Operations Engineer

San Francisco, CA

About the Role

The Information Security team is looking for an experienced Principal Security Engineer to assist with the execution and continued development of the information security program.  

The Principal Security Engineer will be responsible for improving tools and processes, automating routine tasks, improving system reliability, and providing engineering support for day-to-day security operations.  The candidate will report to the Director of Information Security, work cross-functionally, and support personnel on technical and non-technical security risks.  

Primary Responsibilities:

  • Build, secure, and maintain the overall security for cloud environments, such as AWS.
  • Integrate security automation and scripting tools (Terraform, Ansible, etc.) to support security infrastructure, maintenance, and configuration management.
  • Support cross-functional teams to securely build infrastructure-as-code early in the continuous integration/continuous delivery (CI/CD) pipeline; shift-left security. 
  • Manage security alerts, participate in on-call rotation, respond to security incidents, lead technical investigations, and perform evidence acquisition. 
  • Conduct security assessments, oversee vulnerability management, manage penetration tests, and provide remediation guidance for timely mitigation of application and system weaknesses.
  • Perform SIEM monitoring and analysis of system, application, and user exploitation attempts.
  • Respond to compliance requests by collecting, analyzing, and interpreting audit evidence.
  • Perform technical security reviews for new product and technology implementations.
  • Stay up to date with the latest security developments and security trends to continually improve internal processes.

Qualifications: 

  • 5 - 10 years experience working in security engineering and operations roles.
  • 3 - 5 years experience working with containers and Kubernetes/EKS environments.
  • Possess the ability to contribute application code to automate security operations tasks using Terraform and Ansible.
  • Experience with branching strategies in Git and experience creating jobs and pipelines in CI/CD tools.
  • Extensive experience with scripting languages (Python, Bash, Golang).
  • Extensive experience in regulated environments subject to security governance and compliance frameworks such as PCI-DSS, SOC 2, Sarbanes-Oxley, and Fedramp.
  • Experience working with Cloud Service Provider platforms such as AWS and the tools used to manage day-to-day activities.
  • Experience with security automation & scripting, Vulnerability Management tools, Single Sign-on (SSO) solutions, Security Information and Event Management (SIEM) systems, Enterprise Detection & Response (EDR/NGAV) solutions, WAF/IDS/IPS/Firewall systems, Incident Response and Forensics, Application Security & Penetration Testing, and SDLC concepts.
  • Knowledge of common network and security concepts and protocols (zero-trust, SSH, encryption, Identity and Access Management, segmentation, defense-in-depth, security architecture, etc.)

Preferred:

  • College Degree and ISC2, ISACA, GIAC, or other relevant industry certifications, or equivalent work experience
  • Operational security experience in a Software-As-A-Service and/or education-focused organization

We understand that not everyone will match the above qualifications 100%. If your background isn’t perfectly aligned but you feel you would be a great addition to the team, we’d love to hear from you.

About Udemy 

At Udemy, we’re all about improving lives through the power of learning. We are a leading global learning company and one of the world’s largest education platforms with more than 54 million learners. Our goal is to provide flexible, effective skill development to empower organizations and individuals. Talented people are everywhere, but opportunities can be hard to come by. That’s why we’re focused on revolutionizing learning, using our skills and expertise to help others develop theirs and reach their full potential. Individually, we bring our unique perspective to reimagine the way we share knowledge. Together, we can improve lives by empowering our learners, our instructors, and businesses around the world.

We are proud to be recognized for our world-class employee experience. Learn more about our Great Place to Work certification here and find out what it's like to work at Udemy on our blog.

Udemy is headquartered in San Francisco with global offices in the US, Turkey, Ireland, Australia, India, and Brazil. Learn more on our company page.

Information regarding data privacy is available within the Udemy Careers Privacy Notice.

At Udemy, we value diversity and inclusion and consider qualified applicants without regard to race, color, religion, sex, national origin, ancestry, age, genetic information, sexual orientation, gender identity, marital or family status, veteran status, medical condition or disability. We will consider for employment qualified applicants with arrest and conviction records.

Udemy Benefits:

  • Eligibility: Regular, full-time employees are eligible for Udemy’s benefit programs.
  • Health Plans: Medical, dental, and vision coverage (100% coverage for employee-only).
  • HSA/FSA/Commuter: Pre-tax savings/spending plans available; generous HSA employer contributions for those enrolled in the HDHP medical plan.
  • Life/Disability: Employer-paid life insurance (supplemental available), in addition to short-term and long-term disability.
  • Retirement: Access to 401(k) with annual employer contribution.
  • Wellbeing: Corporate memberships for meditation and mindfulness, therapy and coaching, financial planning, primary care, tele-health, health advocacy, parent/newborn support, and employee discounts.
  • Education: Free access to the entire course library on the Udemy and Udemy for Business platforms; annual stipend for external learning beginning at six months of employment.
  • Charitable Matching Program: Employer match of monetary contributions to eligible nonprofits and charities that carry a 501(c)(3) tax status.
  • Vacation: 15 days per year of Paid Time Off for hourly; flexible Discretionary Time Off for salaried.
  • Parental Leave: 8 weeks of leave at 100% pay for parents who take time off from work following the date of birth, adoption, or foster placement beginning at six months of employment; this amount is in addition to pregnancy-disability benefits at 100% pay, if applicable.
  • Holidays: 11 paid holidays throughout the year

#LI-DT2

Apply for this job

*Required
First Name *
Last Name *
Phone *
Resume/CV *

Attach, Paste

Supported file types: .pdf,.doc,.docx,.txt,.rtf
Cover Letter

Attach, Paste

Supported file types: .pdf,.doc,.docx,.txt,.rtf

LinkedIn Profile
Website
Are you legally authorized to work in the United States without sponsorship? *

Saying “Yes” to this question indicates you are eligible for work in the United States and do not require sponsorship.

How did you hear about us? *

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Udemy’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender
Race

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

VeteranStatus
Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression
DisabilityStatus

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Application Saved Successfully

Thank you for your interest in Udemy! We received your application and we are delighted that you would consider joining our team. At Udemy our culture prizes education, growth, and accountability. We're excited that you would like to join our mission to change lives through learning.

Our team will review your application and will be in touch if your qualifications match our needs for the role. If you are not selected for this position, keep an eye on our careers page as we're growing and adding openings.