Senior Cyber Defense Engineer
Australia · New Zealand
Posted on Tuesday, July 9, 2024

We build tools to help the best software teams stay happy and productive. We’ve rethought how CI/CD should work and have built a platform that is fast, reliable, secure, and is able to scale to the needs of the most demanding high-growth tech companies including Shopify, Pinterest, Wayfair, Cruise, PagerDuty, Culture Amp, and Canva.

Buildkite’s mission is to unblock every developer on the planet. Our CI/CD platform is used by the best engineering teams in the world, including Airbnb, Shopify, PagerDuty, and Lyft.

As a Senior Cyber Defense Engineer, you will play a vital role in establishing our continuous security monitoring and security incident response capability. You will monitor and respond to security events, collaborating with cross-functional teams providing valuable insights and guidance. You will proactively develop defences against threats and your expertise will contribute to robust security incident response capabilities whilst building a resilient Buildkite. The long term goal for this role is to be a core part of an established internal PSIRT at Buildkite.

What you’ll be doing

With a fast growing company and a new team, your day to day will be anything but the same.

However, you can expect the following on an ongoing basis:

  1. Develop your mastery of the field through the design and implementation of Buildkite’s continuous security monitoring and security incident response capability
  2. Autonomously partner with cross-functional teams at Buildkite to recognise the evolving threat profile of the organisation and develop the security monitoring capability appropriately
  3. Purposely work towards building a capability that is effective, efficient and one that you personally take pride in

You will be:

  • Laying the groundwork for the security operations team with a goal to operationalise a continuous security monitoring and security incident response capability
  • Monitoring security alerts and events from various sources and responding promptly to security incidents, following the established incident management plan
  • Building and nurturing influential partnerships with key stakeholders, acting as a conduit between security and various cross-functional teams
  • Defining and refining the incident management plan based on emerging threats and the evolving cybersecurity landscape

What you bring to the role

We understand people come in all shapes and sizes. Although we have attempted to list out the requirements for the role comprehensively, we still want to hear from you if you meet some but not all the requirements. You may bring to the role something we never knew we wanted or needed.

Need to have

  • AU/NZ citizenship
  • People first approach to solving security challenges
  • Able to work remotely and independently with a growth mindset
  • Operational experience with a SIEM and/or SOAR platform
  • Demonstrated experience in security incident handling and security operations
  • Possess an understanding of network protocols, systems, and infrastructure security principles
  • Exhibit proficiency in analysing business and employee needs, recommending, and designing end-to-end security solutions
  • Display strong incident management skills, effectively managing multiple incidents and driving results
  • Participate in cross-functional security projects and initiatives, providing security expertise and guidance to ensure the secure implementation of innovative technologies and systems
  • Possess excellent communication skills to collaborate with cross-functional teams and convey complex security concepts effectively

Nice to have

  • Programming experience in either Ruby or Go
  • Operational experience with an IaC (Terraform/OpenTofu) product
  • Experience with software development paradigms such as source control management, continuous integration and continuous deployment
  • Knowledge of security frameworks such as OWASP, NIST CSF, CIS Benchmarks, etc.
  • Prior experience operating elements of the NIST 800-61 r2 CSIH guide
  • One of the following Security certifications or equivalent associated with security operations:
    • Offensive Security's OSCP, OSDA or OSWE
    • SANS's GSOC or GMON
    • AWS’s DevOps Engineer - Professional or Certified Security - Specialty
  • 3+ years’ experience with a Cloud platform such as AWS
  • 5+ years’ experience working in a SOC or MSP/MSSP
  • Non-security related certifications are not a must but would be highly regarded

Buildkite is a differently shaped company that values work-life balance and supports staff to work the ways that make sense for them. From the beginning, our goal has been to build a company that is people-centered, supportive and just a little bit weird 💚