Senior Security Engineer

About Mirantis

Mirantis is the Kubernetes-native AI infrastructure company, enabling organizations to build and operate scalable, secure, and sovereign infrastructure for modern AI, machine learning, and data-intensive applications. By combining open source innovation with deep expertise in Kubernetes orchestration, Mirantis empowers platform engineering teams to deliver composable, production-ready developer platforms across any environment—on-premises, in the cloud, at the edge, or in sovereign data centers. As enterprises navigate the growing complexity of AI-driven workloads, Mirantis delivers the automation, GPU orchestration, and policy-driven control needed to manage infrastructure with confidence and agility. Committed to open standards and freedom from lock-in, Mirantis ensures that customers retain full control of their infrastructure strategy.

Mirantis is looking for a Senior Security Engineer to help keep the popular Lens product (https://k8slens.dev) secure for its customers. In this role, you will seek security vulnerabilities from the Lens Desktop - an electron based application, built on open source by Team Lens of Mirantis - and all the related cloud based services. You'll work together with Lens engineering teams to prioritize and fix any issues. You'll also drive the efforts for achieving and maintaining industry standard security related certificates and compliances. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking a popular cloud native developer tool and related services alongside a team of world class individuals sounds exciting to you.

In this role you'll provide technical leadership and advice to engineering teams and leaders in collaboration with Mirantis information security teams. You'll gain first hand knowledge on how Lens is built and how it operates at a deep, technical level. Additionally, you will leverage the domain knowledge of Lens to identify vulnerabilities in the broader Mirantis product portfolio. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Mirantis and its customers secure.

Responsibilities

• Conducting high quality application penetration tests independently, or leading the efforts done by third party contractors

• Identifying security vulnerabilities across various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security) and producing engagement plans and remediation recommendations to address any findings or gaps.

• Leading the efforts for prioritizing and resolving security vulnerabilities, including contributing fixes directly to product, in collaboration with engineering teams

• Driving the efforts for achieving and maintaining security related certifications and compliance (e.g. SOC2)

• Assist other departments, like sales and marketing, to communicate our security posture, compliance, and/or potential gaps in security domain to our customers

• Performing quarterly internal security tests of Lens Cloud and Desktop, simulating relevant attack scenarios, and managing remediation.

• Maintaining and updating threat models for core Lens services and supporting architecture security reviews.

• Triage and validation of SAST and container scanning results, and coordinating remediation with engineering.

• Maintaining BCP/DRP policies for Lens, running periodic reviews, and organizing tabletop exercises.

• Monitoring and helping to remediate vulnerabilities in third-party dependencies and container images via Dependabot, CodeQL, etc.

• Auditing secrets usage in Lens codebases and CI/CD pipelines, and validating proper use of secret storage solutions.

• Assessing security risks associated with new SaaS tools or external APIs used in Lens.

• Experience in a penetration testing or information security role
• Experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
• Experience with dynamic and manual code auditing to identify security issues
• Experience with interpreted or compiled languages (e.g. Node, JavaScript, TypeScript, Go, C/C++)
• Experience with threat modeling, design review, or other threat analysis techniques
• Experience with cloud service providers and their offerings, and their various technologies and services
• Experience in developing security tooling and automation
• Experience in CVE research, and/or Bug Bounty recognition
• Advanced degree in Computer Science or related field, or equivalent industry experience

Why you’ll love Mirantis

• Work with an established leader in the cloud infrastructure industry.
• Work with exceptionally passionate, talented and engaging colleagues, helping Fortune 500 and Global 2000 customers implement next-generation cloud technologies.
• Be a part of cutting-edge, open-source innovation.
• Thrive in the high-energy environment of a young company where openness, collaboration, risk-taking, and continuous growth are valued.
• Receive a competitive compensation package with strong benefits plan.
• We are a Leader for Container Management in G2 (#2 after AWS)!

It is understood that Mirantis, Inc. may use automated decision-making technology (ADMT) for specific employment-related decisions. Opting out of ADMT use is requested for decisions about evaluation and review connected with the specific employment decision for the position applied for. You also have the right to appeal any decisions made by ADMT by sending your request to isamoylova@mirantis.com

By submitting your resume, you consent to the processing and storage of your personal data in accordance with applicable data protection laws, for the purposes of considering your application for current and future job opportunities.

We are a Leader for Container Management in G2 (#2 after AWS)!