Security Practitioner

Posted on:


Job Description

About ClickHouse

We are the company behind the popular open-source, high performance columnar OLAP database management system for real-time analytics. ClickHouse works 100-1000x faster than traditional approaches. By offering a true column-based DBMS, it allows for systems to generate reports from petabytes of raw data with sub-second latencies. With an amazing community already adopting our open-source technology, we are now embracing our journey in delivering Cloud first solutions to delight our customers.With top adopters such as Uber, Cisco, and eBay – not only do our products work at lightning speed, so do we.We are an open and collaborative company. Our colleagues are curious, engaged and excited about what they do. If you want to work in an environment where you can learn, grow, be an agent of change and have your voice heard – then please read on! 
About the team The Security Team is responsible for providing key security capabilities covering application, cloud and enterprise security, incident response, detection and GRC. Our team is looking for an experienced, hands-on security practitioner, who will drive the adoption of modern security processes and tooling, with focus on supporting our engineering and product teams in improving the security posture of our platforms and services.Note: This position can be fully remote anywhere in the United Kingdom.What you will do:
  • Collaborate with engineering and product on improving existing and building new product features with focus on threat modeling, assurance and secure implementation, some examples of recent work include implementation of secure key management, passwordless authentication, m2m authentication, sandboxing and compute/network/storage isolation
  • Identify security gaps and vulnerabilities in ClickHouse Cloud and OSS, triage a wide range of vulnerabilities reported via our bug bounty program, responsible disclosure, GitHub Issues covering web, API and server – client assets including low level memory issues like heap or buffer overflows
  • Improve and develop security assurance activities – pentests, vulnerability assessments, bug bounty programs, fuzzing
  • Drive implementation and usage of engineering security tools – static, dynamic code analysis, dependency checks, code licensing compliance (working knowledge of Snyk, Semgrep, GitHub CodeQL)
  • Nurture the engineering – security relationship, identify and implement process and technology improvements
  • Handle information security events and incidents across ClickHouse products and services
  • Develop processes, tooling and automation to scale security processes and mitigate risks to the business
What you bring along:
  • Experience supporting engineering and product implementation efforts by performing threat assessments, assurance activities, advisory as well as, in some cases, implementation work across distributed systems covering web, API, client/server assets
  • Strong knowledge of and experience with one or more cloud service providers (e.g. AWS, GCP, Azure), Kubernetes, Cilium
  • Experience implementing and operating engineering security tools and processes (e.g. static / dynamic code analysis, software composition analysis, SBOM, OWASP SAMM, client and network fuzzing tools)
  • Significant development and automation experience, ability to work with C++ code
  • Security as code mindset, with focus on solving problems with automation and scale in mind
Bonus Points:
  • BS, MS, or PhD in Computer Science or related field
  • Previous contributions to open source projects
  • Security or cloud related certifications (AWS, GCP, Azure)

Compensation

This role offers cash compensation and a stock options grant. For roles based in the United States, you can find above our typical starting salary ranges for this role, depending on your specific location.The positioning of offers within a certain range depends on various factors, including: candidate experience, qualifications, skills, business requirements and geographical location.If you have any questions or comments about compensation as a candidate, please get in touch with us at [email protected].

Perks

  • Flexible work environment – ClickHouse is a distributed company offering remote-first work to all employees
  • Healthcare – Employer contributions towards your healthcare.
  • Equity in the company – Every new team member who joins our company receives stock options.
  • Time off – Flexible time off in the US, generous entitlement in all countries.
  • A $500 Home office setup if you’re a remote employee.
  • Employee-driven international mobility– we enable you to relocate internationally if you wish (within certain countries and timelines and subject to role requirements, time zones and work permit considerations)
Culture – We All Shape ItAs part of our first 200 employees, you will be instrumental in shaping our culture.We look for candidates who are:
  • Motivated by doing great work as part of a team :)
  • Open to learning from others and sharing with others
  • Team Players: helpful, resourceful, responsive
  • Respectful and see feedback as an opportunity to grow
Are you interested in finding out more about our culture? We are a one year old company therefore we are excited to be building it together at the moment. Our first 200 employees are the culture shapers of our future. Check out our blog posts or follow us on LinkedIn to find out more about what’s important to us, and to find out if you’d like to come and contribute to building our culture with us!Please see here for our Privacy Statement.
LET COMPANIES APPLY TO YOU

Job Overview

Salary:

Not Specified

Location:

United Kingdom 🇬🇧

Time Zone:

Full Time

Experience:

Mid Level

Subscribe to our newsletter

Share this job

With a colleague or someone who’s jobless

The book “Cracking the Coding Interview” by Gayle. is well received by the programming community and widely recommended by those who have read it.
Reviews: 4.7 out of 5(8.5k Reviews)

Disclosure: We may earn a commission from qualifying purchases made through links on this site. This comes at no extra cost to you and helps support our efforts.