Uncubed
           

Kibana - Application Security Engineer

Elastic, Distributed

Solving World Data Problems


About Elastic

At Elastic, we have a simple goal: to pursue the world's data problems with products that delight and inspire. We help people around the world do extraordinary things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. Founded in 2012 by the people behind the Elasticsearch, Kibana, Logstash, and Beats open source projects, we believe that diversity drives our vibe. We unite employees across 30+ countries into one coherent team, while the broader community spans across over 100 countries.

 

Engineering Philosophy

We believe that engineering complex, pluggable software for the web that is built to last the test of time is both tricky and exciting. Doing so requires a team of diverse individuals, with sharp minds and the ability to empathize with our users, working together with mutual respect and a common mission.

We care deeply about giving you full ownership of what you're working on. Our company fundamentally believes great minds achieve greatness when they are set free and are surrounded and challenged by their peers, which is clearly visible throughout our organization. At Elastic, hierarchy does not determine how decisions get made. We feel that anyone needs to be in the position to comment on absolutely anything, regardless of their role within the company.

 

About The Role

You will act as a hands-on developer of the Kibana Security team which is responsible for the authentication providers, access control systems, and security hardening in Kibana. Additionally, the security team works with others to instill secure coding principles and best practices. You will work on many key projects and initiatives partnering closely across all Elastic teams. You will be responsible for delivering the roadmap of the Security team, reinforcing the quality of work, managing the technical debt, updating the project status, and providing support for the other parts of the Kibana team.

 

Some of the things you'll work on

  • Design and implement internal security mechanisms to secure individual Kibana servers
  • Implement access control for APIs, saved objects, and UI functionality
  • Create multi-layer solutions for safely executing server-side plugin code with node.js sandboxing and seccomp
  • Advocate for secure coding principles and best practices
  • Develop different single sign-on integrations
  • Perform vulnerability scans and coordinate remediation
  • Support our support engineers with harder security problems
  • Own compliance/standards agenda for Kibana( FIPS, PCI DSS, HIPAA, ISO, etc.)
  • Help define how developers build Kibana now and into the future
  • Work with the tech lead to architect a large JavaScript project designed to be actively developed for decades while embracing continuously-evolving modern web technologies
  • Write comprehensive tests, including unit tests, service-level, HTTP-level, UI component, and browser-level integration tests that provide confidence in the stability and function of Kibana
  • Collaborate with other experienced developers both in Elastic and our open source community, including code and technical design reviews

 

Requirements

  • 7+ years of experience building secure and scalable applications with JavaScript
  • Experience supporting and analyzing security incidents in production web services and applications
  • Experience writing and a deep appreciation for automated testing
  • Excellent verbal and written communication skills
  • A great teammate with strong analytical, problem solving, debugging and troubleshooting skills
  • Knowledge of common security related protocols (SSL, TLS, IPSec, etc.)
  • Experience of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI, etc.
  • Strong JavaScript programming skills
  • Deep knowledge of Node.js
  • Understanding of many legacy JS frameworks and at least one modern JS framework such as Angular.js and React.js
  • Experience with the release process: Source code control, package installers, build scripts, Jenkins, etc.
  • Experience working with continuous Integration platforms. Jenkins experience is a plus.
  • Deep understanding of the design, implementation, and consumption of REST APIs
  • Excellent verbal and written communication skills
  • Strong analytical, problem solving, debugging and troubleshooting skills

 

Nice to have

  • Operational logging and monitoring
  • Managing a popular open source project
  • Previous experience in a globally distributed team
  • Experience with a statically typed language (e.g. TypeScript, Flow, Go, Java, etc)
  • Record of inheriting existing medium-to-large scale projects
  • Have worked on software that is distributed as installable artifacts (not a SaaS)
  • Have worked on software with a plugin system
  • Experience using or managing the Elastic Stack and Kibana

 

Additional Information

  • Competitive pay, medical, dental, vision, disability, benefits
  • Stock options
  • You will be working together with the most talented developers using cutting edge technology
  • Catered lunches, snacks, and beverages in most offices
  • An environment in which you can balance great work with a great life
  • Passionate people building great products
  • Employees with a wide variety of interests
  • Your age is only a number. It doesn't matter if you're just out of college or your children are; we need you for what you can do
  • Distributed-first company with employees all over the world, speaking over 30 languages! Some even fly south for the winter :-)

 

#LI-WN1

About Elastic

The Elastic Story We have a simple goal to solve the world's data problems with products that delight and inspire. As the company behind the popular open source projects — Elasticsearch, Kibana, Beats, and Logstash — we help people around the world do great things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots.

Founded in 2012 in Amsterdam by the people behind Elasticsearch and Apache Lucene, Elastic set forth a vision that search can solve a plethora of data problems. The origins of the company start back in 2010, when Shay Banon wrote the first lines of Elasticsearch and open sourced it as a distributed search engine. With the rise of cloud computing and changes in IT infrastructure demanding requirements such as real-time search across infinite amounts of structured and unstructured data, Shay foresaw the need for a new type of software to solve today's real-world data problems. Steven Schuurman, Uri Boness, and Simon Willnauer shared in Shay's vision, joining forces to create the Elastic company we have today. Since then, the creators of Kibana, Logstash, and Beats have joined the Elastic family, rounding out a product portfolio known as the Elastic Stack, which is used by millions of developers around the world. The Elastic family unites employees across 32 countries into one coherent team, while the broader community spans across over 100 countries.

Want to learn more about Elastic? Visit Elastic's website.