Who We Are:
SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners -- in the car, at home, and anywhere on the go with connected devices. Our vision is to shape the future of audio, where everyone can be effortlessly connected to the voices, stories and music they love wherever they are.
This is the place where a diverse group of emerging talent and legends alike come to share authentic and purposeful songs, stories, sounds and insights through some of the best programming and technology in the world. Our critically-acclaimed, industry-leading audio entertainment encompasses music, sports, comedy, news, talk, live events, and podcasting. No matter their individual role, each of our employees plays a vital part in bringing SiriusXM’s vision to life every day.
SiriusXM is the leading audio entertainment company in North America, and the premier programmer and platform for subscription and digital advertising-supported audio products. SiriusXM’s platforms collectively reach approximately 150 million listeners, the largest digital audio audience across paid and free tiers in North America, and deliver music, sports, talk, news, comedy, entertainment and podcasts. Pandora, a subsidiary of SiriusXM, is the largest ad-supported audio entertainment streaming service in the U.S. SiriusXM's subsidiaries Simplecast and AdsWizz make it a leader in podcast hosting, production, distribution, analytics and monetization. The Company’s advertising sales organization, which operates as SiriusXM Media, leverages its scale, cross-platform sales organization and ad tech capabilities to deliver results for audio creators and advertisers. SiriusXM, through SiriusXM Canada Holdings, Inc., also offers satellite radio and audio entertainment in Canada. In addition to its audio entertainment businesses, SiriusXM offers connected vehicle services to automakers.
How you’ll make an impact:
As a Cloud Security Engineer on the Security Engineering Team, you’ll be responsible for maintaining and improving the security of our production cloud environments.
We are looking for motivated, passionate hands-on experts in cloud security architecture and operations who can help us maintain highly defensible cloud infrastructure and provide best practices to our partner teams.
Our ideal candidate is driven by the desire to reduce risk while letting the business move quickly and safely, and exemplifies that security is an integral part of the tools and processes engineers use every day.
What you’ll do:
Discover, validate, and remediate security issues across cloud infrastructure per industry standards.
Build, deploy, document, and manage production security tools and services to monitor networks, endpoints, and cloud workloads.
Design, document, and operate scalable processes to provision cloud access and maintain least-privilege.
Build and maintain low-touch, production-quality cloud infrastructure using state-of-the-art enterprise DevSecOps practices.
Write and review highly secure infrastructure as code.
Design, create, document, review, and consult on processes and tools that enable the engineering teams to build secure, reproducible, and productive container/VM/bare metal images.
Partner closely with security leadership, compliance, and engineering to execute on security strategies for our cloud initiatives.
Assess and propose solutions regarding cloud security to engineering leadership.
Perform architectural and design reviews through the security lens and provide timely, actionable requirements and recommendations.
What you’ll need:
At least 7 years in the security field, with 5+ years of experience working in the realm of Cloud Security.
Ample experience with AWS.
Fluency in one or more programming or scripting languages, preferably Python.
Significant understanding of the technology and philosophy of infrastructure as code, and the philosophy of work that is DevSecOps.
Experience deploying and customizing security tools to address threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, IDS/IPS, endpoint security monitoring, etc.
Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, serverless, infrastructure as code, etc.
Demonstrated ability to collaborate with other teams to achieve complex objectives.
Must have legal right to work in the U.S.
At SiriusXM, we carefully consider a wide range of factors when determining compensation, including your background and experience. These considerations can cause your compensation to vary. We expect the base salary for this position to be in the range of $86,000 to $160,000 and will depend on your skills, qualifications, and experience. Additionally, this role might be eligible for discretionary short-term and long-term incentives. We encourage all interested candidates to apply.
Our goal at SiriusXM is to provide and maintain a work environment that fosters mutual respect, professionalism and cooperation. SiriusXM is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, ancestry, alienage or citizenship status, age, disability or handicap, sex, gender identity, marital status, familial status, veteran status, sexual orientation or any other characteristic protected by applicable federal, state or local laws.
The requirements and duties described above may be modified or waived by the Company in its sole discretion without notice.
R-2024-02-67
