Vacancy expired!
Job Description:
Firm Profile: Blackstone is one of the world's leading investment firms. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $731 billion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow Blackstone on Twitter @Blackstone. Blackstone Innovations Profile: Blackstone Technology and Innovations (BXTI) is the technology team at the core of each of Blackstone's businesses and new growth initiatives. Serving both internal and external clients, we work to build the next generation of systems that manage risk, create efficiency and improve transparency within the firm and across our broad community of investors and portfolio companies.BXTI is nimble and entrepreneurial - our open, iterative design processes and rapid pace of development mean that everyone on the team has the opportunity to make an impact from day one. We are problem solvers who can take projects from idea to implementation. We believe in active mentoring and developing excellence. We collaborate to find the best answers for our customers and for Blackstone. We are critical to the firm maintaining its competitive edge.Your Role:Blackstone's Application & Cloud Security (AppSec) Team is responsible for empowering 250+ builders to set and meet security goals by identifying and managing software risks while balancing security with agility. You will join an ambitious and talented team of security engineers that are responsible for evolving how Blackstone "does security" as it continues to move to modern and next-generation architectures.The AppSec team partners with Developers to build secure services, and with Engineers to build security into foundational platforms that developers build on. Together, we also empower members of the broader Cybersecurity team to take on their responsibilities within these new patterns.Responsibilities:- Enable product owners to set security objectives that tie back to unique business requirements, not just industry standards or best practices.
- Build efficient, resilient and well-documented systems so the team can focus on the next challenge instead of operational overhead.
- Assess the risk of web and RESTful applications deployed on cloud platforms through threat modelling, building attack trees and occasionally penetration testing.
- Communicate software vulnerabilities and mitigation options to stakeholders that balance business agility with security.
- Partner with Developer teams to meet security objectives through training and integrating vendors or build your own solutions into software development processes.
- Establish polices & standards to guide builders to meet security requirements.
- B.S. in Computer Science, Cybersecurity, Management Information Systems, Engineering, or related technology field.
- Experience in at least one software language, ideally Python but others are acceptable.
- Experience in implementing Cloud and Container Security tooling such Cloud Security Management Platforms.
- Knowledge of cloud infrastructure and systems hardening standards.
- Experience with CI/CD tools and concepts to embed security into DevOps pipelines (DevSecOps).
- Ability to build secure containerized applications running on Kubernetes, detect compromised applications and/or application user accounts.
- Experience with HashiCorp Vault Enterprise (or another enterprise secrets management solution) to manage secrets at deployment and runtime.
- Experience with AWS and essentials services such as IAM, CloudTrail, EC2, S3, DynamoDB, Lambda, Config and GuardDuty
- Experience with Kubernetes and experience with essential services such as Pods, Services, Ingress, ConfigMaps and access controls
- Has managed their work using agile methodologies including sprints and story estimation.
- Has a passion for excellence and growth - challenges the current state with opinions grounded in principles and experience, not just best practices.
- Able to take-on challenges and propose solutions with minimal guidance.
Vacancy expired!