Canoo maintains compliance with the OFCCP. As such, please feel free to review the following information:

https://www.dol.gov/agencies/ofccp/posters

https://www.dol.gov/agencies/olms/poster/labor-rights-federal-contractors

If you are a person with a disability needing assistance with the application process, please call (310) 702-7907 or email us at talentacquisitionteam@canoo.com

Canoo’s mission is to bring EVs to Everyone and build a world-class team to deploy this sustainable mobility revolution. We have developed breakthrough electric vehicles that are reinventing the automotive landscape with pioneering technologies, award-winning designs, and a unique business model that spans all owners in the full lifecycle of the vehicle. Canoo is starting production in 2022 and is distinguished by its pioneering and experienced team of technologists, engineers, and designers. With offices around the country, the company is scaling quickly and seeking candidates who love to challenge themselves, are motivated by purpose, and possess a strong desire to get things done.

The “Canoo Way”

Canoo’s success is the direct result of our disciplined application of our core operating principles and drills, which are based on three main principles: Think 80/20 (“Important versus less important”), Act 30/30 (“Reduce waste and increase output”), and Live 90/10 (“We have each other’s back”). We hire based on “MET” - Mindset, Equipment and willingness to Train - and seek individuals that take accountability and deliver results while being Humble, Hungry to succeed, and Hunting for opportunities to win. We train our team to engage with each other by modulating between their intellect (iQ) and emotional intelligence (eQ), applying Facts, Finesse, and Force when they communicate. The principles and drills of the CANOO Way have been fundamental to our success, our ability to grow, continuously improve, innovate and are at the core of our day-to-day operations.

The Director, Cloud Security will be an integral member of the Information Technology (IT) leadership team focused on Canoo’s overall Cloud Security posture, DevSecOps, Enterprise Identity and Access Management (IAM), detailed technical standards and playbooks, and implementing tools to improve the security of cloud workloads and Access Management.

They will architect and manage the secure operation of the Canoo’s cloud based technical infrastructure. This role includes responsibility for technical security implementation, administration of security systems, creating and maintaining accurate technical documentation and a lead role communicating our technical solutions with internal compliance and external security auditors. If you have passion for cutting edge cloud services, deep interest in cybersecurity architecture and information security technologies, can convert complex requirements into efficient designs, and enjoy working in a fast-paced environment with talented engineers then Canoo is for you.

The ideal candidate must have hands-on experience with:

• Python scripting
• AWS CLI’s and API’s
• IAM tools (e.g., Saviynt, SailPoint, Okta, ForgeRock, etc.)
• AWS infrastructure and development
• AWS security
• AWS incident triage/containment
• Cloud penetration testing
• AWS IAM (e.g., provisioning, de-provisioning, reconciliation, continuous compliance, AWS Landing Page, Role Adoption, IAM Policy compliance, re-certification, etc.)
• Enterprise IAM (e.g., provisioning, de-provisioning, reconciliation, continuous compliance, re-certification, etc.)
• CI/CD
• Secure Development Pipeline implementation (e.g., Container Security, SAST, Secrets Management, Developer Training, etc.)

While this is a leadership role, the Director, Cloud Security will be expected to define their backlog and maintain hands-on ownership and execution of parts of their Agile backlog. 

• Develop and deploy Cyber Security components for Software Engineering (DevOps) teams to adopt and leverage.
• Monitor the Cyber Security of all cloud environments, including AWS, Azure, and O365 workloads.
• Collect and report on Cyber Security operational metrics for each DevOps team.
• Work collaboratively with DevOps teams to define a Secure Development pipeline
• Work collaboratively with DevOps teams to define and formalize detailed cloud security technical standards and guidelines.
• Develop and deploy compliance checking capabilities to continuously identify DevOps teams not leveraging Cyber Security components, or complying with Cyber Security technical standards and guidelines.
• Research Cyber Security trends and emerging technologies, identify our business and technical requirements, perform technical evaluation and support deployment of Cyber Security solutions.
• Develop and implement Cyber Security scripts and tools to streamline routine security processes, while maintaining Cyber Security Gitlab repo and AWS Cyber Security account.
• Implement and manage Security Dashboard, including a cloud based SIEM solution.
• Partner with various teams to identify, plan, and implement security best practices in their respective areas.
• Implement and manage an IAM systems, governing access to all Canoo systems.
• Implement and manage Static and Dynamic Code Analysis program in CICD pipelines.
• Manage Penetration Testing program.
• Research and analyze application behaviors and improving security and stability.

• BS degree in Computer Science/Engineering or a related field, or equivalent experience.
• 8 -10+ years of applicable professional experience.
• Must have hands-on, and current expertise-level skills as a developer (Java or Python).
• Must have hands-on experience with cloud security forensics and analysis of security threats and events and be able to perform penetration testing in the cloud.
• Hands-on experience with distributed version control systems (e.g., Git/Stash).
• Hands-on experience with Docker, GitHub/Gitlab, Jenkins, ELK and deploying applications on AWS.
• Hands-on experience deploying and managing infrastructure with Terraform (must have ability to create and apply Terraform scripts).
• 3 - 5+ years of hands-on experience building, maintaining, and securing AWS environments (e.g., VPC’s, EC2, EKS, serverless, IAM/Network policies, AWS Access Management, SCPs, etc.).
• Experience deploying and managing IAM solutions.
• Deep understanding of Internet protocols including TCP/IP and HTTP.
• Experience with securing the software development life cycle, from requirements to design, implementation, testing, and release.
• Ability to work on multiple projects at a time in a fast-paced environment.

Physical Requirements for Non-Physical Positions

While performing the duties of this job, employees may be required to sit for prolonged periods of time, occasionally bending or stooping, lifting up to 10 pounds, and prolonged periods of computer use.

Reasonable Accommodations

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the position.

• Meaningful, challenging work that will redefine automotive landscape and make EVs available to everyone
• Comprehensive Health Insurance
• Equity Compensation
• Flexible Paid Time Off
• Casual workplace with an unbelievable feeling of energy

Canoo is an equal opportunity-affirmative action employer and considers all qualified applicants for employment based on business needs, job requirements and individual qualifications, without regard to race, color, religion, sex, age, disability, sexual orientation, gender identity or expression, marital status, past or present military service or any other status protected by the laws or regulations in the locations where we operate.

Any unsolicited resumes or candidate profiles submitted in response to our job posting shall be considered the property of Canoo Inc. and its subsidiaries and are not subject to payment of referral or placement fees if any such candidate is later hired by Canoo unless you have a signed written agreement in place with us which covers the applicable job posting.