Cloud Security Engineer/Researcher

Hello, we are Runecast.

Our Runecast Analyzer is used for mission-critical IT operations from deep sea to space. It catches configuration or security compliance errors in virtualized data centers before they lead to service disruptions or breaches. We are also performing Data Science research on ML and NLP for context-based free text processing to make this process even smarter.

We’re a team of entrepreneur-minded professionals from more than 15 countries – but united, with most of us in our largest operations center in Brno, Czech Republic. Our skills have convinced companies like Verizon, Scania, Fujisoft, the German Aerospace Center (DLR), Erste Bank, Avast, University of St Andrews and many other enterprises (and SMBs) to trust our solution to protect their data centers.‍

We are looking for an outstanding Security Engineer/Researcher - Cloud to join our team

We are a company with a flat hierarchy, so everyone has direct access to the CTO, CEO, and other company founders. We work in self-organized, agile teams where everyone can share ideas and influence how things get done. Our team consists of Java developers, QA specialists, virtualizations experts, AI scientists, UI engineers, and UX designers.

About the job

As a Security Engineer you will be part of a multi-disciplinary engineering team that is responsible for the research, development, and maintenance of security compliance and vulnerability rules and signatures for Runecast Analyzer.

In this team you will be mainly responsible for public cloud platforms, but you will have exposure and opportunities to work on other technologies: Kubernetes, VMware, Windows, Linux. The role involves tracking capabilities of new and existing public cloud services and understanding how they can be exploited, and mapping industry-standard compliance standards onto public cloud infrastructure, to provide customers insight into cloud hygiene and compliance. 

What you’ll do

• Research and Develop signatures to identify non-compliant configuration settings in the area of public cloud services, covering the requirements of regulatory compliance profiles such as CIS, PCI-DSS, NIST and newly reported vulnerabilities.
• Provide subject matter expertise to internal core engineering and development teams to leverage SDKs and APIs in order to interact with the public cloud services.
• Maintain the development and test infrastructure and quickly set up new disposable environments for testing and development.
• Participate in technical support cases for timely resolution of issues and for problem reproduction and escalation.
• For the most critical vulnerabilities and exploits, help prepare knowledgebase articles or blog posts detailing the findings and impact.

What You’ll Need

• Research mindset, with a hold on where to look for relevant information about threats, vulnerabilities and security compliance requirements.
• Ability to communicate, collaborate, and work effectively in a distributed team.
• Knowledge and understanding with Cloud services/Platforms and various cloud service provider offerings (AWS, Azure, Google)
• Experience with the operations of large production environments.
• Proficient in bash and python.

Bonus Points

• Working experience on UNIX/Linux, VMware, Kubernetes.
• Worked in a relevant position of IT security risk/vulnerability management;
• Familiarity with common compliance standards, such as CIS Benchmarks, PCI-DSS and HIPAA.

What we offer:

Enough of requirements! At Runecast, you can enjoy:

• A nice office in the Brno city center at Milady Horákové with international restaurants within a few minutes walk. Do you fancy Indian or Thai cuisine one day and traditional Czech the next? No problem!
• Work from the office or home, you decide. If you are not ready/willing to relocate to Brno, you can join our team remotely as well.
• Being part of a growing company that still has the energy of a startup. This means, for example, that our founders work among us every day. You can approach anyone at any time with an idea or lunch suggestion.
• Flexible working hours. We don’t care about clocking in and out at specific times. Some of us prefer to work early in the morning, others arrive later during the day. Work-life balance is important to us.
• Coffee, cookies, and healthy snacks. We eat around 80kg of apples every year. Fancy a bite?

We encourage you to apply:

Runecast is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of your race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability or any other characteristic.