Senior Security Engineer, Infrastructure & Cloud Security - Qualtrics

At Qualtrics, we create software the world's best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform-we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention-but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers. When you join one of our teams, you'll be part of a nimble group that's empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won't have to look to find growth opportunities-ready or not, they'll find you. From retail to government to healthcare, we're on a mission to bring humanity, connection, and empathy back to business. Join over 6,000 people across the globe who think that's work worth doing. **Senior Security Engineer, Infrastructure & Cloud Security** **Why We Have This Role** _As Qualtrics continues to expand the Experience Management (XM) SaaS platform, we must ensure that we're protecting our customers and their data by building and operating secure systems. With over one thousand software & system engineers contributing to Qualtrics XM every day, we have a large attack surface to evaluate and secure. This role is critical to this mission._ _Qualtrics is seeking an experienced security engineer/architect with a passion for security and demonstrated expertise in cloud and infrastructure security. The selected candidate will provide technical leadership and subject matter expertise within the Infrastructure Security team and across the product engineering organization._ _The Infrastructure Security team is responsible for measures to improve and ensure the security of infrastructure used to operate and deliver Qualtrics SaaS products. The team's scope includes cloud (IaaS/PaaS), workload orchestration (Kubernetes, Nomad), containers, data stores and server OS, as well as CI/CD and related systems. Infrastructure Security works in collaboration with other teams within the Information Security organization, including application security, vulnerability management, network security, security operations and incident response, and security assurance. The team also partners with our infrastructure (i.e., SRE) and platform engineering and developer experience teams._ **How You'll Find Success** + _You will define infrastructure and cloud security program strategy and architecture, identify and remediate risks, recommend and drive specific improvements_ + _Collaborate effectively with the Qualtrics engineering organization and fellow security team members; socialize security risks, solutions and and architecture_ + _Mentor and support a team of skilled security engineers to help them_ **How You'll Grow** + Solve challenging security, technical and process challenges which require creative thinking and continuous learning + Learn new technologies, cloud platforms/services and other infrastructure being introduced regularly within the organization in order to provide accurate and comprehensive security guidance + Develop and exercise project management and leadership skills to execute on the program roadmap **Things You'll Do** + _Review system designs and implementations, and consult with engineers across the organization to identify and/or avoid security issues through alignment with security standards and best practices; document and ensure security issues are appropriately remediated_ + _Leverage your accumulated subject matter expertise of Qualtrics systems and infrastructure to propose design patterns and drive architectural improvements which address classes of security flaws in the platform_ + _Develop and implement the cloud & infrastructure security architecture and contribute to program strategy and roadmap plans_ + _Document and improve cloud/infrastructure standards and guidelines_ + _Promote DevSecOps principles and implement Infrastructure as Code (IaC) scanning and policy enforcement to ensure new systems deployed via Terraform, AWS CloudFormation, Code Development Kit or similar methods are secure and compliant with standards and guidelines_ + _Deliver training and provide mentoring to engineers and staff on security topics_ + _Perform the selection, design, development, implementation and management of automated security testing tools (e.g., cloud security posture management (CSPM), network/host/image vulnerability scanners); maintain relationships with product vendors_ + _Leverage development and automation skills to solve security problems, integrate security systems, streamline processes and replace manual work_ **_What We're Looking For On Your Resume_** + _Bachelor's degree in Computer Science, Cybersecurity or a related field_ + _Over 5 years of relevant work experience_ + _Experience as a senior security engineer in infrastructure or cloud security_ + _Multiple years of experience managing and securing AWS services and workloads_ + _Experience leading multi-month security projects and initiatives that require collaboration with teams across an organization_ + _Sound understanding of cloud security vulnerabilities, defense techniques and security best practices, including AWS-specific security practices and present-day threats_ + _Strong working knowledge of AWS services and security concepts including Service Control Policies (SCPs), Identity and Access Management (IAM), VPCs, ELBs, CloudTrail, and security groups_ + _Experience with modern cloud infrastructure, including EC2, Linux-based operating systems, docker containers, workload orchestration (Kubernetes, Nomad), data stores (relational DBs, NoSQL and document DBs (Elasticsearch), object stores (S3)), event streaming (Kafka)_ + _Knowledge of system and infrastructure hardening and monitoring best practices_ + _Experience managing vulnerability scanning tools and/or CSPM_ **_Bonus Points_** + _Experience with assessing/securing the infrastructure of large, complex SaaS applications_ + _One or more relevant security certifications (AWS Certified Security - Specialty, CCSP, CCSK, GCSA, AWS Certified Solutions Architect or DevOps Engineer)_ + _Experience with securing Azure and/or Google Cloud Platform (GCP)_ + _Prior full time SRE, cloud engineering or software development experience_ + _Experience with agile methodologies for project management_ **What You Should Know About This Team** + _We work with a wide array of modern technologies and need to scale our solutions to tens of thousands of end points, thousands of engineers, and worldwide data centers and cloud environments_ + _We emphasize establishing a career development plan and will help you to find meaningful work assignments, learning opportunities and mentorships which will aid your growth and development_ _We work closely with our peer platform security teams and enjoy coming together in person and remotely to build relationships and have fun_ **Our Team's Favorite Perks and Benefits** + Catered lunches, free snacks and drinks + Full time employees receive an annual experience bonus after their first year of employment. Qualtrics Experience Bonus is a program designed to provide experiences to our employees they might not otherwise have. + We spend 10% of our time on individual engineering growth activities every quarter + Quarterly book budget to continue learning and quarterly fitness budget **The Qualtrics Hybrid Work Model:** Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life. _Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic._ _???????Applicants in the United States of America have rights under Federal Employment Laws:Family & Medical Leave Act (https://www.dol.gov/agencies/whd/posters/fmla) ,Equal Opportunity Employment (https://www.eeoc.gov/poster) ,Employee Polygraph Protection Act (https://www.dol.gov/agencies/whd/posters/employee-polygraph-protection-act)_ _Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know._ _Not finding a role that's the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit._ _For full-time positions,_ this pay range is for base per year; however, base pay offered may vary depending on location, job-related knowledge, education, skills, and experience. _For part-time or intern positions,_ this pay range is for base pay per hour. A sign-on bonus and restricted stock units may be included in an employment offer, in addition to a range of medical, financial, and other benefits, based on eligibility criteria. Washington State Pay Transparency Range $130,000-$232,000 USD