Frame.io is changing the future of how videos are made by helping over 1 million creative professionals seamlessly collaborate from all over the world.
We’re backed by Accel, FirstMark, Insight Partners, SignalFire, Jared Leto, and a host of other amazing investors. Our market-leading product is used and loved by companies such as Disney, NASA, Snapchat, BBC, BuzzFeed, TED, Adobe, Udemy, and many more.
We’re in an exciting period of growth and are on the hunt for talented and passionate individuals who share our vision for helping visual content creators produce their best work.
02About the Role
The Security Team at Frame.io is responsible for ensuring the protection of our customers’ data and content hosted in public clouds. We’re looking for a cloud security manager that’s passionate about security of public cloud infrastructure to help us continue improving our security and commitment to our users. In this hands-on manager role, you'll lead and work alongside the cloud security team to focus on improving cloud security posture, develop security automation, perform threat detection and incident response, and manage container and virtual machine security.
You will collaborate with diverse teams throughout the organization, guiding their adoption and improvement of security practices as we continue to scale our infrastructure and service growth in the cloud. If you have experience in managing security of a complex AWS environment and are driven to continue learning and growing with your team, we want to speak with you!
We are always looking for new ideas and staying active within the security community including writing research papers on threat intelligence pipelines, presenting at KubeCon, AWS Re:invent, and so much more.
- You have 3-5 years of direct hands-on cloud (AWS) security experience and 2+ years managing or leading teams
- You have experience with project and roadmap planning, thrive in fast-paced and ever-changing environments, and are self-motivated and results-oriented
- You value facilitating the growth of your team. You ensure that their careers progress and that the team culture is collaborative and inclusive
- You have a strong foundation in and an in-depth technical knowledge of securing workloads in the cloud and maintaining the strong security posture of cloud resources
- You have expertise in detection various attacks and exploitation techniques targeted towards cloud platforms and applications running within them
- Experience in docker containers and Kubernetes security such as pod-security policy, network security policy
- Experience in developing infrastructure-as-a-code using Terraform, CloudFormation, CI/CD, GitHub
- Experience in patch management, container scanning, and vulnerability scanning in the cloud
- Experience of working and securing AWS and its services such as EC2, Lambda, ELB, ECS, IAM, S3, RDS, CloudTrail, CloudFront, AWS Config, etc.
- Experience in working with various AWS logs such VPC Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, WAF, etc.
- Strong experience in security automation and tool development to secure the cloud
- Extensive experience in security operations and threat detection in the cloud before they cause material damage to the business. In the event an alert is identified as a security incident, you will kick off Incident Response
- Extensive experience in incident response in the cloud. Incident response includes but is not limited to log analysis, memory and disk forensics, reverse engineering, network containment, threat eradication and postmortems. You will also develop and refine processes, plans and procedures and partner closely with other stakeholders across the business
- You’re proficient in one or more of the programming languages (Elixir, Node.js, Python, Go)
- Hire, manage, mentor and inspire a team of engineers who are passionate about security. Provide vision and set direction while leading effectively through outcomes rather than tasks
- Collaborate with diverse, cross-functional teams across site reliability, product security, and others to ensure secure deployment of applications and configurations of cloud resources
- Work with our VP to determine our security roadmap and goals
- Ensure all cloud resources are configured using AWS security best practices
- Serve as the security expert and communicate cloud security-related concepts to technical and non-technical team members
- Build and implement preventive and detective solutions that monitor and validate security controls throughout cloud infrastructure
- Provide technical and security expertise throughout the incident; then, implement any improvements assigned to Cloud Security
- Evangelize security best practices throughout the company. We care, show us how we can continue to improve!
- Promote collaboration and sharing of knowledge through regular demos, presentations, or blog posts within Frame.io as well as to the external technical community
- Develop and update relevant documentation, including security runbooks, specifications and diagrams
- Manage and be part of an on-call rotation
- Competitive salary and equity
- Paid parental leave for primary or secondary caregivers
- Unlimited PTO and designated Volunteering paid time off
- Yearly stipend for learning and development
- Medical, Dental, Vision Insurance and OneMedical membership
- Flexible Spending Account
- Monthly Work from Home Stipend
- 1 paid company-wide holiday for each month in the calendar year
- All-company week-long winter and summer breaks
Our philosophy is simple. At Frame.io, we believe that working with people of different backgrounds and perspectives allows us to elevate each other and helps us build a better product for our users.
We’re proud to be an equal opportunity employer, and are committed to providing all employees with a work environment that celebrates individuality and remains free from any form of discrimination and harassment. We base our employment decisions on the needs of our business, job requirements, and applicants' qualifications. In other words, we only care that you’re the best person for the job.