Job Description

-------------------

Au sein de l'equipe Foundation Secure, vous mettrez a profit vos connaissances en devops et votre expertise en genie logiciel dans le domaine de la securite infonuagique. Notre equipe utilise l'automatisation pour proteger quasiment tous les aspects de la presence infonuagique de Zendesk sur Amazon Web Services (AWS). Il s'agit d'un poste stimulant ou vous verrez l'impact direct de vos contributions, travaillerez avec une equipe devouee et attentionnee, et evoluerez a l'avant-garde de la securite infonuagique.


Notre priorite, c'est l'ingenierie proactive. Votre mission principale sera de batir et de gerer des environnements infonuagiques securises a grande echelle, d'outiller les autres ingenieurs pour qu'ils creent des produits exceptionnels, et de developper des outils qui fournissent des donnees a nos equipes de securite afin de gerer les menaces dans les environnements infonuagiques de Zendesk.

Vos responsabilites

-----------------------

Etablir et maintenir les normes de gouvernance et de securite de base pour l'infrastructure AWS de Zendesk dans l'ensemble de nos comptes AWS. Concevoir des outils AWS en libre-service sur Kubernetes pour permettre a notre organisation d'ingenierie de deployer de l'infrastructure de facon securitaire, avec les garde-fous appropries. Promouvoir une approche d'infrastructure immuable sur AWS au sein de la communaute d'ingenierie Zendesk pour ameliorer la fiabilite et la securite. Developper et maintenir l'infrastructure SSH zero-trust de Zendesk pour permettre aux proprietaires de gerer l'acces a leurs hotes facilement. Travailler a l'optimisation de la gestion des identites et des acces (IAM), pas seulement pour AWS, mais aussi pour des centaines d'applications dans toute l'organisation d'ingenierie Zendesk. Etre champion.ne et maintenir notre systeme d'Infrastructure as Code (IaC) en libre-service pour l'organisation. Renforcer et simplifier le processus de creation d'images maitres ( golden images ) pour machines virtuelles et conteneurs pour des centaines de services. Conseiller des equipes d'ingenierie desirant deployer de nouvelles technologies et architectures AWS selon les meilleures pratiques et modeles de securite. Collaborer avec l'equipe de Securite pour developper des outils qui offrent aux equipes d'ingenierie les informations necessaires pour reagir face aux menaces et aux mauvaises configurations dans notre infrastructure. Mettre en oeuvre et gerer les controles de securite reactifs et proactifs dans AWS a l'aide de pipelines CI/CD.

Ce que vous apportez au role

--------------------------------

Exigences

-------------------

2 ans et plus d'experience, ou une formation equivalente, dans la configuration et la securisation d'environnements AWS a l'aide de leurs services natifs (IAM, Control Tower, Organizations, SCPs, Lambda, CloudTrail). 2 ans et plus d'experience ou equivalent en creation de services utilisant les services geres AWS. 2 ans et plus d'experience ou equivalent en livraison de services de production dans un langage de programmation, avec volonte d'en apprendre d'autres. 2 ans et plus d'experience ou equivalent avec Linux et les architectures basees sur les conteneurs : Docker, Kubernetes. Experience demontree de collaboration efficace avec des parties prenantes externes pour atteindre des objectifs communs. Connaissances pratiques en DevOps et en automatisation, scripting et developpement d'outils logiciels sur mesure pour repondre a des defis operationnels. Maitrise des meilleures pratiques en matiere de securite pour garantir la protection de notre environnement infonuagique. Capacite d'analyse accrue pour resoudre des problemes; vous prenez les meilleures decisions lorsqu'elles sont appuyees par des donnees.

Atouts :

------------

Experience dans la creation et la gestion d'images maitres pour machines virtuelles et conteneurs Docker. Pratique avec des outils Infrastructure as Code comme CloudFormation, Terraform, ou les SDKs AWS. Maitrise des langages de programmation Go, Python ou Ruby. Esprit axe sur l'observabilite et l'analyse de donnees pour la resolution de problemes; vous privilegiez les decisions appuyees par des donnees concretes. Volonte manifeste d'apprendre de nouvelles technologies et langages de programmation selon l'evolution des responsabilites de l'equipe. Familiarite avec les pipelines CI/CD, de preference GitHub Actions. Experience avec Kubernetes en production, notamment la creation et l'utilisation d'operateurs. Certifications AWS.

English Version

===================

As part of the Foundation Secure team, you will bring your devops knowledge and software engineering skill set into the world of cloud security engineering. Our team uses automation to protect nearly every aspect of Zendesk's cloud presence in Amazon Web Services. This is a challenging position where you'll be able to see an immediate impact to your contributions, work alongside a dedicated and caring team, and live on the cutting edge of cloud security.


Proactive engineering is our emphasis. Your prime directive is to build and govern secure cloud environments at scale, empower other engineers to build awesome products, and create tools that provide the data for our Security teams to address threats in Zendesk's cloud environments.

What you'll be doing

------------------------

Building and maintaining the baseline governance and security standards for AWS infrastructure at Zendesk for all of our AWS accounts. Building self-service AWS tooling on Kubernetes that enables our engineering organization to safely deploy infrastructure with appropriate security guardrails. Promoting immutable infrastructure on AWS to the wider Zendesk Engineering organization to improve infrastructure reliability and security. Developing and maintaining Zendesk's zero-trust SSH infrastructure that gives our infrastructure owners the power to easily manage access to their hosts. Working to streamline Identity and Access Management not only for AWS, but for hundreds of applications around the Zendesk Engineering organization. Champion and maintain our self service IaC system for the organization. Harden and streamline the process of building virtual machine and container golden images for hundreds of services. Lead engineering teams looking to deploy new AWS technologies and architectures on best practices and security models. Partner with our Security organization to build the tools that provide Engineering teams with the information to react to threats and misconfigurations in our infrastructure. Implement and manage reactive and proactive security controls in AWS using CICD.

What you bring to the role

------------------------------

Required:

-------------

2+ years experience or equivalent education configuring and securing AWS using their native service offerings (IAM, Control Tower, Organizations, SCPs, Lambda, Cloudtrail). 2+ years experience or equivalent education building services using AWS Managed Services. 2+ years experience or equivalent education delivering production services in a programming language and willingness to learn other languages. 2+ years experience or equivalent education working with Linux and container-based architectures: Docker, Kubernetes. Strong track record of working collaboratively with external stakeholders to achieve project goals. Practical DevOps knowledge, with a knack for addressing operational challenges through automation, scripting, and custom software solutions. A strong grasp of security best practices to safeguard our cloud landscape. An analytical approach to problem-solving, you believe the best decisions are made when they are backed by data.

Nice to have:

-----------------

Experience in building and maintaining golden images for virtual machines and docker containers. Hands-on experience with infrastructure-as-code tools like Cloudformation/Terraform/SDKs. Proficiency in the Go, Python, or Ruby programming languages. Observability focused mindset and an analytical approach to problem-solving: you believe the best decisions are made when they are backed by data. Demonstrated desire to learn new technologies and programming languages as our team and responsibilities evolve over time. Familiarity with CI/CD workflows, preferably with GitHub Actions. Experience with Kubernetes in a production environment, including the creation and use of operators. AWS Certifications
#JH-1


Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.

The intelligent heart of customer experience

Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.


Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working, enables us to purposefully come together in person, at one of our many Zendesk offices around the world, to connect, collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.


As part of our commitment to fairness and transparency, we inform all applicants that artificial intelligence (AI) or automated decision systems may be used to screen or evaluate applications for this position, in accordance with Company guidelines and applicable law.


Zendesk is an equal opportunity employer, and we're proud of our ongoing efforts to foster global diversity, equity, & inclusion in the workplace. Individuals seeking employment and employees at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, disability, military or veteran status, or any other characteristic protected by applicable law. We are an AA/EEO/Veterans/Disabled employer. If you are based in the United States and would like more information about your EEO rights under the law, please click here .


Zendesk endeavors to make reasonable accommodations for applicants with disabilities and disabled veterans pursuant to applicable federal and state law. If you are an individual with a disability and require a reasonable accommodation to submit this application, complete any pre-employment testing, or otherwise participate in the employee selection process, please send an e-mail to peopleandplaces@zendesk.com with your specific accommodation request.