OpenStack is one of the top 3 most active open source projects and manages 10 million compute cores     Learn more

OpenStack Job Board

Published on July 22
Paranoids Principal Cloud Security Engineer - OpenStack

Yahoo Inc.


It takes powerful technology to connect our brands and partners with an audience of 1 billion. Nearly half of Verizon Media employees are building the code and platforms that help us achieve that. Whether you’re looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process 4 trillion data points a day, what you do here will have a huge impact on our business—and the world. Want in? As Verizon’s media unit, our brands like Yahoo, TechCrunch and HuffPost help people stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. With technologies like XR, AI, machine-learning, and 5G, we’re transforming media for tomorrow, too. We're creators and coders, dreamers and doers creating what's next in content, advertising and technology.



When you impact millions of people every single day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Verizon Media one of the safest places on the Internet.


We are the information security team at Verizon Media, known as "The Paranoids".


We protect Verizon Media, its brands, and their members. We deliver information security solutions and services to protect information assets, computing infrastructure, applications and data. 



The​ ​Paranoids​ ​seek​ ​a​ Cloud Security​ ​engineer​ ​who​ ​will​ ​focus on securing​ Verizon Media’s OpenStack cloud platform ​and​ ​drive​ ​innovative​ ​solutions​ ​to​ ​global security​ ​challenges. ​ You will be joining a team that handles security on a diverse platforms, including AWS and Azure public cloud environments, and Kubernetes container environments.



Your​ ​day:

  • Develop security policies and best practices for OpenStack cloud management platform

  • Perform security reviews to assess OpenStack for adherence to security principles including encryption, network controls, and data protection.

  • Create threat models as part of architecture security reviews and provide guidance on effective countermeasures

  • Maintain a tight collaboration and relationship with engineering and operations teams to ensure enterprise-wide adoption of security operations best practices and policies

  • Develop security strategy to perform continuous assessment on misconfigurations, exposures, and compliance findings (“vulnerabilities”) on OpenStack

  • Provide consultation on remediation of discovered security flaws on OpenStack

  • Contribute to architecture decisions with a focus on security

  • Work with other information security teams engaged in securing platforms and solutions as a domain expert on OpenStack



  • Build successful business and technical relationships with technology teams, to drive a strong security posture of infrastructure resources managed using OpenStack

  • Develop best practices, security controls, and policies to protect & deter threats

  • Drive governance and compliance efforts with business partners, and engineering stakeholders to ensure enterprise-wide adoption of related security policies

  • Lead security reviews and project consultation for OpenStack

  • Analyze results of security threat modeling to prioritize remediation efforts based on technical risks and business impact

  • Provide visibility into risk posture of environments managed by OpenStack to help drive informed business decisions


Minimum Qualifications:

  • Deep technical understanding and competence on OpenStack cloud management platform

  • Software engineering experience with a focus on operations and delivery

  • Knowledge of agile development and Continuous Integration/Continuous Delivery

  • Good​ ​written​ ​and​ ​verbal​ ​communication​ ​skills​ ​for​ ​conveying​ ​security​ ​concepts​ ​and​ ​engineering​ ​solutions

  • Ability to engage with teams to review system and service architectures and recommend secure designs for a fast paced, engineering-driven environment

  • Bachelor's​ ​degree​ ​in​ ​Computer Science, Engineering, Information Security, or equivalent degree

  • 5-8 years of overall experience in the field of information technology, with 2-4 years of experience with OpenStack


Desired Qualifications


  • 5+ years of relevant cybersecurity experience for a global technology or media company

  • 3+ years of relevant experience with AWS, Azure, or GCP

  • 1+ years of relevant experience with Kubernetes, Docker, and Containers

  • Experience with performing threat modeling and reporting on potential threats and security mitigations

  • Experience with programming and scripting languages to contribute to application development and automation (e.g., Python, Go, Ruby, Java)

  • Relevant cyber certifications (e.g., CISSP, CISA, CISM) or Public Cloud certifications (AWS, Azure, etc)





Verizon Media is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Verizon Media is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please submit a request via the Accommodation Request Form (  or call 408-336-1409. Requests and calls received for non-disability related issues, such as following up on an application, will not receive a response.

You can apply at the link above