Kibana - Application Security Engineer

Apply     

Elastic is a search company with a simple goal: to solve the world's data problems with products that delight and inspire. As the creators of the Elastic Stack, we help thousands of organizations including Cisco, eBay, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, Verizon, and many more use Elastic to power mission-critical systems. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. We have a distributed team of Elasticians across 30+ countries (and counting), and our diverse open source community spans over 100 countries. Learn more at elastic.co

About Elastic

Engineering Philosophy

We believe that engineering complex, pluggable software for the web that is built to last the test of time is both tricky and exciting. Doing so requires a team of diverse individuals, with sharp minds and the ability to empathize with our users, working together with mutual respect and a common mission.

We care deeply about giving you full ownership of what you're working on. Our company fundamentally believes great minds achieve greatness when they are set free and are surrounded and challenged by their peers, which is clearly visible throughout our organization. At Elastic, hierarchy does not determine how decisions get made. We feel that anyone needs to be in the position to comment on absolutely anything, regardless of their role within the company.

About The Role

You will act as a hands-on developer of the Kibana Security team which is responsible for the authentication providers, access control systems, and security hardening in Kibana. Additionally, the security team works with others to instill secure coding principles and best practices. You will work on many key projects and initiatives partnering closely across all Elastic teams. You will be responsible for delivering the roadmap of the Security team, reinforcing the quality of work, managing the technical debt, updating the project status, and providing support for the other parts of the Kibana team.

Some of the things you'll work on

  • Design and implement internal security mechanisms to secure individual Kibana servers
  • Implement access control for APIs, saved objects, and UI functionality
  • Create multi-layer solutions for safely executing server-side plugin code with node.js sandboxing and seccomp
  • Advocate for secure coding principles and best practices
  • Develop different single sign-on integrations
  • Perform vulnerability scans and coordinate remediation
  • Support our support engineers with harder security problems
  • Own compliance/standards agenda for Kibana( FIPS, PCI DSS, HIPAA, ISO, etc.)
  • Help define how developers build Kibana now and into the future
  • Work with the tech lead to architect a large JavaScript project designed to be actively developed for decades while embracing continuously-evolving modern web technologies
  • Write comprehensive tests, including unit tests, service-level, HTTP-level, UI component, and browser-level integration tests that provide confidence in the stability and function of Kibana
  • Collaborate with other experienced developers both in Elastic and our open source community, including code and technical design reviews

Requirements

  • 7+ years of experience building secure and scalable applications with JavaScript
  • Experience supporting and analyzing security incidents in production web services and applications
  • Experience writing and a deep appreciation for automated testing
  • Excellent verbal and written communication skills
  • A great teammate with strong analytical, problem solving, debugging and troubleshooting skills
  • Knowledge of common security related protocols (SSL, TLS, IPSec, etc.)
  • Experience of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI, etc.
  • Strong JavaScript programming skills
  • Deep knowledge of Node.js
  • Understanding of many legacy JS frameworks and at least one modern JS framework such as Angular.js and React.js
  • Experience with the release process: Source code control, package installers, build scripts, Jenkins, etc.
  • Experience working with continuous Integration platforms. Jenkins experience is a plus.
  • Deep understanding of the design, implementation, and consumption of REST APIs
  • Excellent verbal and written communication skills
  • Strong analytical, problem solving, debugging and troubleshooting skills

Nice to have

  • Operational logging and monitoring
  • Managing a popular open source project
  • Previous experience in a globally distributed team
  • Experience with a statically typed language (e.g. TypeScript, Flow, Go, Java, etc)
  • Record of inheriting existing medium-to-large scale projects
  • Have worked on software that is distributed as installable artifacts (not a SaaS)
  • Have worked on software with a plugin system
  • Experience using or managing the Elastic Stack and Kibana

#LI-WN1

Additional Information - We Take Care of Our People

At Elastic, we strive to have parity of benefits across regions. While regulations differ from place to place, we believe taking care of people is the right thing to do.

  • Health coverage for you and your family.
  • Flexible location and schedule for many roles.
  • Generous number of vacation days each year.
  • Double your charitable giving — we match up to 1% of your salary.
  • Up to 40 hours each year to use toward volunteer projects you love.

Elastic is an Equal Employment employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status or any other basis protected by federal, state or local law, ordinance or regulation. Elastic also makes reasonable accommodations for disabled employees consistent with applicable law.

When you apply to a job on this site, the personal data contained in your application will be collected by Elasticsearch, Inc. (“Elastic”) which is located at 800 W. El Camino Real, Suite 350 Mountain View, CA 94040 USA, and can be contacted by emailing jobs@elastic.co. Your personal data will be processed for the purposes of managing Elastic’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by Elastic, which are the solicitation, evaluation, and selection of applicants for employment. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Elastic to help manage its recruitment and hiring process on Elastic’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the standard contractual clauses. You can obtain a copy of the standard contractual clauses by contacting us at privacy@elastic.co. Elastic’s data protection officer is Daniela Duda, who can be contacted at daniela.duda@elastic.co. We plan to keep your data until our open role is filled. We cannot estimate the exact time period, but we will consider this period ended when a candidate accepts our job offer for the position for which we are considering you. When that period is over, we may keep your data for an additional period no longer than 3 years in case additional opportunities present themselves in which yours skills might be better suited. For additional details, please see our Elastic Privacy Statement https://www.elastic.co/legal/privacy-statement.

Apply     

Notify Me of Open Positions

Sign up to receive emails when Elastic posts open positions you might be interested in:

{{alert.msg}}