Senior Security Engineer, Big Data Container Platforms
Description
This is a Hybrid position within our Organization. The role will allow employees to work offsite but will also require onsite work based on business needs. The selected candidate will be expected to commute to the innovation center to which they are assigned as their primary GM facility. This position requires an employee to be onsite 1-3 times per week.
Position Overview
Big Data Infrastructure and Engineering is seeking motivated individuals with strong background in Kubernetes platform security and DevSecOps methodologies to fill the role of a Senior Security Engineer. The Big Data Edge Compute Platform (BDECP) is one of the primary compute engines for GM's data pipelines. It is managed by the Big Data Infrastructure and Engineering (BDIE) organization within Enterprise Technology Services (ETS). BDECP is a shared services platform built on a Kubernetes foundation which is at the core of GM's digital transformation supporting Artificial Intelligence, Machine Learning, Mobility and Vehicle Streaming applications. It is a fast-growing environment that consists of both CPU & GPU compute clusters.
Job Description
You will be responsible for platform hardening, ensuring tenant applications are architected securely, advancing platform architecture with security as the core tenet and refining our devsecops methodologies to continue to incorporate security earlier in the lifecycle (shift left). You will bring your strong experience in public cloud security to on prem solutions to develop and deploy secure platform capabilities and features. In order to improve our security posture and compliance, you will need to collaborate with platform, enterprise security and application teams and be able to influence without direct authority. An integral part of day to day job of the platform security engineer will also be responding to incidents, problem tasks and driving them to resolution.
- Be able to develop pragmatic solutions to security engineering problems and vision presented by management, own it and implement it end to end
- Design, develop and deploy platform services for security in the areas of network, perimeter, API, secrets & configuration management and AuthNZ
- Analyze proposed application architecture and data flows to identify security concerns and support architecture changes and/or provide solutions
- Implement best practices for identity and access management in a shared multi-tenant Kubernetes environment
- Contribute to security incident and event management solutions, develop alerts & dashboards, operationalize
- Conduct proofs of concept for evaluation and adoption of new security tools & technologies
- Assess performance impact of security solutions and optimize, mitigate as appropriate
- Triage, diagnose and remediate platform related issues as well as support customer issue resolution
- Ensure compliance with enterprise security policies and procedures
Additional Description
Skills and Experience
- Hands on, job related Kubernetes experience with a combination of platform engineering, security implementation and docker based application development
- More than ten years of progressive engineering experience in Information Technology
- Minimum two years of experience with Kubernetes in public cloud such as Amazon EKS, Google GKE or Azure AKS with emphasis on security
- Experience with commercial Kubernetes distribution such as OpenShift, Rancher, Mirantis, Tanzu and their security practices is a plus
- Experience with secure configuration of Kubernetes network services including ingress, software load balancers and nodeports
- Demonstrated knowledge of containerized application development using CI/CD methods and toolsets (e.g. Jenkins, Azure DevOps; Github, Gitlab, Bitbucket etc.)
- Experience with container security solutions such as Aqua, Twistlock or Sysdig Secure
- Experience with Kubernetes secrets, SSL certificates and SSH key management
- Experience with Kubernetes federated authentication model using OIDC, associated toolsets and directory authentication (Active Directory, LDAP, Dex, Gangway)
- Experience with logging & monitoring solutions (ELK, Prometheus, Grafana etc.)
- Understanding of cloud security and CASB products & technologies
- Experience with service automation and infrastructure as code using technologies such as Chef, Ansible or Terraform
- Knowledge of software defined storage, networking and how to configure them for K8s services & deployments
- Knowledge of Linux file system hierarchy, package management, command line interface and bash scripting
- Some development experience with Python, Java, or other programming languages
- Ability to multi-task and work collaboratively as part of a cross functional team
- Bachelor's degree in Computer Science or Engineering. Master's degree is viewed favorably.
- Some level of certification in open source, cloud or commercial Kubernetes distributions (examples - Kubernetes Administrator, Kubernetes Security Specialist) is desirable
- Information security certification such as CISSP, CISA etc is nice to have but not required
- Strong written and verbal communication skills with ability to tailor messaging to the audience
About GM
Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all.
Why Join Us
We aspire to be the most inclusive company in the world. We believe we all must make a choice every day - individually and collectively - to drive meaningful change through our words, our deeds and our culture. Our Work Appropriately philosophy supports our foundation of inclusion and provides employees the flexibility to work where they can have the greatest impact on achieving our goals, dependent on role needs. Every day, we want every employee, no matter their background, ethnicity, preferences, or location, to feel they belong to one General Motors team.
Benefits Overview
The goal of the General Motors total rewards program is to support the health and well-being of you and your family. Our comprehensive compensation plan incudes, the following benefits, in addition to many others:• Paid time off including vacation days, holidays, and parental leave for mothers, fathers and adoptive parents;• Healthcare (including a triple tax advantaged health savings account and wellness incentive), dental, vision and life insurance plans to cover you and your family;• Company and matching contributions to 401K savings plan to help you save for retirement;• Global recognition program for peers and leaders to recognize and be recognized for results and behaviors that reflect our company values; • Tuition assistance and student loan refinancing;• Discount on GM vehicles for you, your family and friends.
Diversity Information
General Motors is committed to being a workplace that is not only free of discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that workforce diversity creates an environment in which our employees can thrive and develop better products for our customers. We understand and embrace the variety through which people gain experiences whether through professional, personal, educational, or volunteer opportunities. GM is proud to be an equal opportunity employer.
We encourage interested candidates to review the key responsibilities and qualifications and apply for any positions that match your skills and capabilities.
Equal Employment Opportunity Statements
The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity (EEO) Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at [email protected] . In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.