VMware Senior Software Engineer (Security Focus) - Tanzu Observability - Opportunity for Working Remotely in San Francisco, California
The Elevator Pitch: Why will you enjoy this new opportunity?
You have a genuine passion for the craft of creating secure software platforms. You love solving problems, learning new technologies, participating in capture-the-flag exercises, and ultimately defending (in-depth) against layers of vulnerabilities. You love using your technical skills and understanding to provide your customers trust and peace-of-mind.
Tanzu Observability by Wavefront offers many opportunities for applying your creativity and skills to a cutting-edge cloud observability platform. We are a growing team developing a SaaS product that is used 24/7 by development and site-reliability teams at leading enterprises such as Lyft, Doordash, Reddit, Snowflake, Intuit, Box, Workday, and many more!
What is the primary need, technical challenge, and/or problem you will be responsible for?
We need a senior engineer responsible for the security and compliance of the Tanzu Observability platform from the developer side, especially as we pursue standards such as ISO 20071, PCI, SOC-2, and FedRAMP.
You will be working closely with staff engineers, software architects, product and program managers, and the release and SRE teams as you design and implement security controls and best practices in the code and in the development and deployment processes. You will also help with vulnerability assessment and remediation by working alongside corporate security teams and Tanzu Observability engineering management to prepare and maintain the platform for compliance audits and assessments, and enable other software engineers for security-oriented projects.
In your available time away from security-related development, you will contribute as a member of the Metrics observability subgroup under Tanzu Observability, working on high-scale data-ingestion, querying, and visualizations of metric, histogram, and event data streams. The group charter also includes making the creation and management of observability practices such as alerting, notifications, dashboarding, and root cause analysis using AI-provided insights intuitive and easy-to-use.
What differentiates us in the current observability landscape is our scalable and extremely powerful data platform and UI, and you will play a key role in taking our platform to the next level.
Success in the role: What are the performance goals over the first 6-12 months you will work toward completing?
You will work on moving Tanzu Observability through one or more security compliance processes by developing new security features within the SaaS product, designing changes to the CI/CD processes to ensure code integrity, and potentially building and designing operations in new, more secure and restrictive cloud environments.
You will work closely with engineering leads and product/program managers to track compliance status and help organize and create security whitepapers and documentation for consumption by sales and marketing teams.
You will help respond to internal and external security scans and audits in collaboration with engineering leads and the SRE team, and triage and remediate any vulnerabilities found.
You will help evaluate/recommend/manage security products including IDS/Firewalls/SIEMs as they become necessary.
If time away from security allows, we welcome your contributions towards a world-class observability product! One such possibility is continuing the de-composition of our services into smaller microservices, but other product feature contributions are welcome as well!
During non-pandemic times, we spent most of our time in the VMware office and we hope to return to the office someday. Right now, we’re all completely remote and remote teamwork is increasingly important to us. You should be able to collaborate remotely via Slack/Zoom etc.
What type of work will you be doing? What assignments, requirements, or skills will you be performing on a regular basis?
As a key member of the Tanzu Observability team:
You will be part of design and code meetings, reviewing through a security-focused lens.
You will help plan and conduct code, build, and deployment changes necessary to strengthen the security of the Tanzu Observability platform.
You will review vulnerability and bug reports, prioritize necessary remediations, and help execute said remediations.
You will contribute to security-centric communications, whether white papers or responses to customer queries. You may also perform security enablement via talks or training for the product, sales, and engineering teams.
You will also contribute backend and/or frontend features towards a world class observability product.
You should have great communication and presentation skills.
The technical experience in your background which may help your success in this new role includes:
Experience with certification against one or more security and compliance standards: FedRAMP, PCI, ISO 20071, SOC-2, HIPAA, etc.
Knowledgeable about the security/vulnerability ecosystem and tooling: OWASP Top 10, CVE, Qualys, Lacework, Acunetix, Threat Stack, Nessus, Penetration Testing, Intrusion Detection, Static Analysis, etc.
Java RESTful backends, including Dropwizard and Spring, Guava, Guice, different garbage collectors, Jersey, Jetty, Netty, and the Java networking stack.
Distributed systems and microservice libraries, such as gRPC, Avro, Thrift, Envoy, Istio, etc.
Massive-Scale NoSQL data stores such as Cassandra, HBase, FoundationDB, etc.
Previous experience with observability or monitoring such as Grafana, Prometheus, TICK stack, StatsD, DataDog, SignalFX, etc.
We know from experience that not ticking every box on the skills sections stops many from applying. Please apply regardless of your self-assessment -- we want to hear from you! We have seen engineers succeed with a diverse range of skills and experiences.
What is the leadership like for this role? What is the structure and culture of the team like?
This role is for the Metrics Observability subgroup (out of 4) within Tanzu Observability. The leadership chain for Metrics Observability includes a senior manager who has been with the Wavefront product since 2015 and has published at academic security conferences like IEEE S&P and CCS, a senior engineering director who has been with Wavefront since 2018 and with VMware for over a decade, and a principal engineer who co-founded Wavefront back in 2013.
Metrics Observability currently has more than 10 engineers and is still rapidly growing. We used to mostly work out of the Palo Alto office but have now fully adapted to remote work, with team leads and members in the SF Bay, Austin and Denver.
Culturally, the team is focused on innovation, customer value, execution, growth, and kindness. We retain the original startup DNA in our responsiveness and respect towards everyone’s contributions and focus on exciting big ideas, innovation, and features and fixes that deliver customer value. However, we have the stable backing of VMware, which is itself a values-driven company and a great place to work!
What are the benefits and perks of working at VMware?
You and your loved ones will be supported with a competitive and comprehensive benefits package. Below are some highlights, or you can view the complete benefits package by visiting www.benefits.vmware.com .
Employee Stock Purchase Plan
Medical Coverage, Retirement, and Parental Leave Plans for All Family Types
Generous Time Off Programs
40 hours of paid time to volunteer in your community
Rethink’s Neurodiversity program to support parents raising children with learning or behavior challenges, or developmental disabilities
Financial contributions to your ongoing development (conference participation, trainings, course work, etc.)
Healthy and local inspired snacks in all our pantries
This position is eligible for TanzuObservability referral campaign
Category : Engineering and Technology
Subcategory: Software Engineering
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2021-05-25
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. VMware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.