At Elastic, we have a simple goal: to pursue the world's data problems with products that delight and inspire. We help people around the world do exceptional things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. Often, what you can do with our products is only limited by what you can dream up. We believe that diversity drives our vibe. We unite employees across 30+ countries into one unified team, while the broader community spans across over 100 countries. Thanks to our ongoing expansion we have the opportunity to grow our Cloud Application Security team.

We're a part of the Elastic Cloud team with a focus on finding security flaws in complex distributed systems and coming up with creative and approachable solutions that enable developers to ship secure code.

We’re looking for people who are just as passionate about uncovering an obscure security vulnerability as they are about working with developers to ship more secure code. Would you like to focus on building and maintaining Application Security program that will be used throughout the industry?

What you will be doing:

Take shared ownership in driving the creation and implementation of a best-in-class application security program for Elastic Cloud.

Take ownership for the offensive security program, including penetration testing, red team activities, and security research.

Responsible for manual code analysis, proof of concept exploit code development, and deploying automated solutions to do the same.

Be a proponent and champion of a DevSecOps culture and environment for a large team of highly talented developers and engineers

What you bring along:

A history of uncovering, exploiting, and remediating application or system security flaws.

A deep understanding of coding and scripting languages such as Java and Python, Scala, among others and can easily adapt to other languages quickly and efficiently.

Knowledge of and experience with manipulating protocols and libraries in order to compromise the security of a set of systems or code

Previous work as a developer for a large code base and collaboration with engineers and developers

Bonus Points:

You have hands on experience in both using and securing Linux based systems and containers

You've worked on open source projects before and are familiar with different styles of source control workflow and continuous integration and management (GitHub, Terraform, Ansible, RunDeck, etc).

Additional Information:

Competitive pay

Equity

Catered lunches, snacks, and beverages in most offices

An environment in which you can balance great work with a great life

Passionate people building excellent products

Employees with a wide variety of interests