Your opportunity
New Relic is hiring a security engineer to join our Product Security Team! The Infrastructure Assurance team is responsible for safeguarding New Relic's global infrastructure (including servers, clusters, networks, workstations, and cloud). We focus on proactive security controls, performing pragmatic threat assessments, and working with teams to ensure they understand and prioritize security work appropriately.

We value character and practical experience over certifications, and believe that building relationships is far more effective at improving security than dictating what engineers can and cannot do. You do not need to have a deep history as a security engineer to qualify, but should be able to clearly demonstrate multi-cloud systems management, architectural design, automation skills, and show an interest in endorsing security as an integral component of the value that we provide to our customers.

What you'll do
  • Working understanding of SOC 2, FedRAMP, CIS Critical 18, and PCI DSS frameworks. 
  • Address software security risks in novel ways by applying technology, automation, relationships, and culture. We work in a continuous deployment, cloud-based environment and adapt our security efforts to the processes and technologies New Relic uses to deliver innovative and best-in-class products.
  • Collaborate with our architecture and standards teams to ensure that we are meeting the common needs of our engineering teams and that we are able to scale our support for them.
  • Work with software engineers to identify and analyze security vulnerabilities and follow through with issues until resolution.
  • Ability to explain and advise on security design and implementation of complex security problems, including the ability to dive into code reviews with developers
  • Lead and execute strategies to expand and enhance the Bug Bounty Program. Investigate, reproduce, and respond to security vulnerabilities reported through the bug bounty program.
  • Perform penetration testing of web applications/APIs/graphql and threat modeling for complex and high value applications and services, identifying and preventing security and privacy errors early in development.
  • Perform threat modeling, design and security reviews for complex and high value applications and services, identifying and preventing security and privacy errors early in development.
This role requires
  • Bachelor's degree in Computer Science or equivalent practical education and experience.
  • 4+ years application security engineering experience.
  • Programming and/or vulnerability research experience in one or more languages (such as: Ruby, Java, Go, Python)
  • Basic understanding of risk management, network security controls, authentication, and common security protocols.
  • Ability to work autonomously, navigate ambiguous situations, and identify innovative solutions. 
  • Ability to draft/maintain clear and concise documentation.
Bonus points if you have
  • Web application pentesting certifications like OSWA, OSWE, OSCP or equivalent.
  • Experience securing infrastructure and services built in Azure, or Google Cloud.
  • Experience performing security reviews and risk assessments.
  • Writing in and understanding an infrastructure orchestration solution, such as Terraform, Chef, or Ansible.
  • Proficiency in at least one programming language, like Python, Ruby, and/or Go.
  • Proven capability to improve various processes via automation.
Is a Remote Job?
No

New Relic helps engineers and developers do their best work every day — using data, not opinions — at every stage of the software lifecycle. The world’s best engineering teams rely on New Relic to...

Apply Now