Product Security Engineer - Vulnerability Management

Chainalysis is seeking a dynamic and passionate Product Security Engineer with 2-4 years of experience in application, cloud, or infrastructure security to join our cutting-edge team. As a trailblazer in blockchain forensics, we require a candidate who has a strong understanding of cloud security best practices, application security principles, and excels at communicating and collaborating with various stakeholders within the organization. A background in software development is a valuable addition. In this crucial role, you will be responsible for identifying and managing vulnerabilities within our organization's product portfolio across cloud and application environments, ensuring the security and integrity of our innovative solutions in the blockchain industry. Through effective vulnerability management, you will contribute to the ongoing protection and advancement of our cutting-edge products and services.

Key Responsibilities:

• Proactively identify, assess, and prioritize security vulnerabilities in our cloud and application environments, and manage them through the remediation process
• Manage and optimize vulnerability management tools such as Tenable, Lacework, and JFrog, ensuring their effective use and alignment with the organization's security requirements and best practices
• Develop and maintain meaningful security metrics for vulnerability management tools such as Tenable, Lacework, and JFrog, to evaluate their effectiveness and alignment with the organization's security requirements and best practices
• Perform container image scanning to identify and remediate vulnerabilities in containerized applications, ensuring that only secure images are deployed within the environment.
• Conduct instance OS scanning to detect and address vulnerabilities in operating systems running on virtual machines or cloud instances, maintaining the security and compliance of the infrastructure.
• Establish and maintain container image and instance OS scanning policies and procedures, ensuring that scanning and remediation activities are aligned with the organization's security requirements and best practices.
• Collaborate with development, operations, and security teams to integrate container image and instance OS scanning into CI/CD pipelines, promoting a proactive approach to vulnerability management.
• Continuously monitor and report on the effectiveness of container image and instance OS scanning efforts, providing actionable insights and recommendations for improvement.
• Provide support to internal users of security tools and promptly respond to Jira tickets assigned to the security team, ensuring effective collaboration and addressing security-related concerns across the organization

A background like this helps:

• Experience with vulnerability management tools such as Tenable, Lacework, and JFrog
• Experience with AWS cloud security best practices
• Experience with Containers and Kubernetes in AWS
• Experience with Patch Management and Configuration Management Tools, including AWS SSM or Ansible.
• Experience with Bash and/or Python Scripting to automate various tasks, include patch management, repetitive tasks, data collection, security audits and compliance checks
• Experience with Linux operating systems, including the ability to understand and analyze system components such as patches, libraries, and configurations to identify and remediate vulnerabilities.
• Familiarity with Linux package management systems (e.g., apt, yum, etc) to effectively manage software updates, patches, and dependencies for maintaining secure and up-to-date systems.
• Experience with container scanning using JFrog Xray, with the ability to configure and manage policies, integrations, and security rules for effective vulnerability detection and remediation in container images.
• Experience with JFrog Artifactory and its integration with JFrog Xray for comprehensive artifact management and security scanning in a unified platform.