About the Role:
We are looking for a Lead Security Compliance Engineer to join our ODP team. In this role, you will be pivotal in ensuring security and compliance across our ODP platform and open-source technologies. You will leverage your expertise in Big Data systems, security frameworks, and compliance standards to design, implement, and maintain security controls across diverse ecosystems, including Apache Hadoop, Hive, Kafka, Spark, HBase, and Ambari. Collaborating with internal teams and open-source communities, you will work on identifying vulnerabilities, proposing solutions, and contributing to the security roadmap of key Apache projects. This role involves managing compliance with global regulations, performing risk assessments, and automating security checks to ensure seamless operations. You will also act as a subject matter expert for teams, helping to resolve product vulnerabilities, mitigate risks, and address security challenges in both pre- and post-deployment stages. Your contributions will be critical in protecting sensitive data, securing our platforms, and ensuring compliance with regulatory requirements. If you are passionate about Big Data security and open-source innovation, this role offers a unique opportunity to make a meaningful impact while working with cutting-edge technologies and industry leaders.
You are a great fit for this role if you have:
A strong desire to address complex security challenges across Big Data platforms, with a proven track record of driving solutions independently.
Solid understanding of cloud and on-premise security technologies, including securing workloads on AWS, Azure, GCP, and hybrid environments.
Hands-on experience with security tools and integrating automated vulnerability assessments into CI/CD pipelines.
Proficiency in programming and scripting languages like Python, Java, or Bash, and familiarity with securing containerized workloads (Docker, Kubernetes).
Excellent communication skills, with the ability to articulate complex vulnerabilities, mitigation strategies, and solutions to diverse stakeholders.
Excellent communication skills, with an ability to clearly and concisely explain tricky issues and complex solutions.
Ability to quickly learn new technologies.
Ability and willingness to travel up to 50% of the time to meet with customers.
What we look for:
8-10 years of expertise in identifying and fixing vulnerabilities in open-source projects and contributing security patches to upstream communities.
Strong programming skills in Python, Java, and Bash, with expertise in containerization tools (Docker, Kubernetes) and security practices.
Proficiency in security tools like MendScan, Aqua Scanner, Trivy, and Twistlock, with the ability to automate vulnerability assessments and integrate security checks into CI/CD pipelines.
Strong understanding of open-source technologies with hands-on experience in Big Data platforms like Hadoop, Spark, Hive, Kafka, and related tools, along with familiarity with their architecture and associated security challenges.
In-depth knowledge of securing deployments across cloud platforms (AWS, Azure, GCP) and on-premises environments, with familiarity with hybrid infrastructure and its security requirements.
Strong awareness of emerging threats, vulnerabilities, and attack vectors in open-source software, with expertise in implementing preventive measures and mitigating risks effectively.
Good to have:
Experience with compliance frameworks like SOC2, GDPR, HIPAA, PCI DSS, ISO 27001, and NIST, with the ability to implement and automate compliance controls and manage related documentation.
Experience collaborating with open-source communities, contributing patches, and engaging in security-related discussions to improve project security.
Strong problem-solving mindset with the ability to propose effective workarounds and long-term solutions for mitigating vulnerabilities.