Security Engineer
Security Engineer
Baseten
Baseten is seeking an experienced Security Engineer to enhance the security of its machine learning infrastructure platform. The role involves collaborating with engineering and operations teams to ensure high standards of security, shaping security strategies, and implementing best practices. This position is critical as Baseten scales its operations following significant funding.
Qualification
- 3+ years of experience in a Security Engineer or similar security-focused role, preferably in a fast-paced startup environment.
- Strong knowledge of cloud security practices and tools, particularly in AWS and GCP environments.
- Experience with vulnerability management tools and methodologies, including penetration testing.
- Familiarity with incident response processes and security compliance standards.
- Understanding of identity and access management (IAM) principles and tools.
- Ability to develop and deliver security training and awareness programs for employees.
- Experience with DevSecOps practices and integrating security into CI/CD pipelines.
Responsibility
- Collaborate with engineering teams to design and implement secure systems and infrastructure, including cloud environments (AWS/GCP) and container orchestration platforms.
- Lead proactive vulnerability assessments, penetration tests, and remediation efforts to maintain security of products and infrastructure.
- Develop and maintain incident response processes, including detection, analysis, containment, eradication, and post-incident reviews.
- Oversee identity and access management (IAM) strategies and tools to ensure appropriate access levels to systems and data.
- Ensure compliance with relevant standards (e.g., SOC 2, ISO 27001) and assist with audits, policy creation, and risk assessments.
- Develop and deliver security training programs and documentation for employees on best practices and secure coding standards.
- Partner with DevOps teams to integrate security into the CI/CD pipeline, automating security checks and promoting a culture of 'security as code'.
