Canonical - We deliver open source to the world faster, more securely, and more cost-effectively than any other company. We develop Ubuntu, the world’s most popular enterprise Linux from cloud to edge, together with a passionate global community of 200,000 contributors. Ubuntu means 'humanity to others. We chose it because it embodies the generosity at the heart of open source, the new normal for platforms and innovation. Together with a community of 200,000, we publish an operating system that runs from the tiny connected devices up to the world's biggest mainframes, the platform that everybody uses on the public cloud, and the workstation experience of the world's most productive developers. Secure and reliable, elegant and intuitive, and open for innovation - Ubuntu is the future of open source, which is why it's the fastest-growing Linux in the world despite already being the most widely deployed.
We are recruiting to fill the position below:
Job Title: Staff Security Operations Engineer
Location: Lagos
Employment Type: Full-time
About the Job
We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions - at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors.
We have more junior roles for exceptional individuals with a proven personal interest an engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.
Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team.
The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes.
They are responsible for assuring the security and integrity of our own infrastructure and product deployments.
They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.
The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.
Responsibilities
What you will do in this role:
Implement and evolve Canonical's SecOps security standards and playbooks
Analyse and improve Canonical's security architecture
Evaluate, select and implement new security tools and practices
Identify, contain and guide the remediation of security threats and cyber attacks
Grow the presence and thought leadership of Canonical SecOps practice
Contribute to open source threat intelligence initiatives
Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
Develop Canonical SecOps learning and development materials
Publish blog posts, whitepapers and conference presentations
Identify, implement and track SecOps KPIs
Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
Work with Security leadership to present information and influence change.
Requirements
What we are looking for:
An exceptional academic track record
Undergraduate Degree in Computer Science or STEM, or a compelling narrative about your alternative path
Drive and a track record of going above-and-beyond expectations
Deep personal motivation to be at the forefront of technology security
Expertise in threat modelling and risk management frameworks
Knowledge of security architecture and market-leading security tools
Experience contributing to, and consuming, threat intelligence feeds
Experience in security risk management frameworks such as NIST CSF
Experience with security standards such as ISO 27001.
Optional things we value:
Experience in a security operations team or a security operations centre (SOC)
Experience in offensive or defensive security teams with hands-on ability
Experience with state-actor and other advanced persistent threats.