Oct 11, 2019

LSST Security Architect / Lead Security Engineer

  • Assoc of Universities for Research in Astronomy
  • Tucson, AZ, USA
Full-Time Engineering

Job Description

The Large Synoptic Survey Telescope (LSST) Data Management team seeks an individual with demonstrated experience in developing and managing security infrastructure for the position of Security Architect / Lead Security Engineer. This person will be responsible for, inter alia, leading the security engineering for the LSST Science Platform.

The Large Synoptic Survey Telescope (LSST; http://lsst.org) is a planned, large-aperture, wide-field, ground-based telescope that will survey half the sky every few nights in six optical bands. It will explore a wide range of astrophysical questions, ranging from discovering “killer” asteroids, to examining the nature of dark energy. The project includes an 8-meter class wide field telescope, a 3.2 gigapixel camera with 2-second readout, and a state-of-the-art petascale data management system to process, archive, and distribute the 15 TB of data produced every night. Once completed, the LSST will be the largest and most modern optical survey project ever built.

The LSST Data Management (DM) team is a distributed team off ~100 individuals in various partner institutions. It is building a data processing system spanning two continents, new state-of-the-art image processing algorithms, petascale computing clusters with tens of thousands of cores, large distributed databases, and next-generation LSST Science Platform (LSP), among others. All LSST DM code is published on Github and released under a major open source license; our lingua franca is Python 3.

This position has its home in the Science Quality and Reliability Engineering (SQuaRE) team. SQuaRE is a high-performing DevOps team that has developed and deployed several services supporting software development and observatory operations, including the Notebook Aspect of the LSST Science Platform. As well as making all our software open source (http://github.com/lsst-sqre/) SQuaRE also frequently upstreams to open source projects that we consume (such as JupyterLab).

The LSST Security Architect / System Engineer reports to the LSST Science Platform Project Manager / SQuaRE Technical Manager and works closely with the Data Management team. This full-time position is based in Tucson, Arizona, but for exceptionally qualified candidates residing in certain states (Arizona, California, Colorado, District of Columbia, Hawaii, Maryland or New Mexico) a mostly remote position (with some travel) may be considered. Starting salary will be commensurate with qualifications and domain experience.

Essential Functions:

  • Architect, implement and manage a security infrastructure for the LSST Science Platform, including an intrusion detection / auditing infrastructure.
  • Advise the LSST Science Platform Project Manager on likely threat models and appropriate trade-offs between usability and security in the scientific domain.
  • Engage with our (NIST-derived) security policy documents and advise on how align our engineering and scientific priorities to their scope.
  • Audit our architecture and existing services for areas of particular security concern
  • Ensure that our security practices evolve to keep pace with best practices in the field
  • Mentor developers in appropriate security practices
  • Represent the needs of the LSST Science Platform and SQuaRE teams in security policy discussions at our organizational compliance level and with policy makers at our institutional partners (LSST, NSF's OIR Lab, AURA, NCSA, SLAC, etc)
  • Foster a collaborative relationship with the engineers and deep understanding of the goals of the technical teams, particularly avoiding the formation of “security says no” mentality
  • Create clear and up-to-date documentation, including architecture diagrams
  • Participate in the collective engineering activities of the SQuaRE team, including performing code reviews, acting as a troubleshooting buddy, contributing to refactoring sprints, engaging in design discussions, joining in the team daily standups and weekly coworking session

Required Qualifications:

  • Hands-on experience architecting and managing security resources for a popular service available to users via the Internet.
  • Track record of providing leadership in security matters to a technical organization and/or groups of developers
  • Architect-level security expertise including: leading the team to develop relevant threat models, architecting and implementing a detection auditing infrastructure, analyzing trade-offs between security and productivity, mentoring developers in good security practices, creating a positive culture around security issues, keeping up with good practice in the field
  • Excellent software engineering skills such as writing clear, well-encapsulated code, with readable documentation and unit tests
  • Fluency in Python 3
  • Minimum 10 years of experience in Unix/Linux system administration and/or provisioning of cloud services.
  • Familiarity with Docker, or similar containerization technologies.
  • Extensive familiarity with git and distributed development workflows based on online code management systems (preferably GitHub)
  • Excellent verbal and written communication skills in English, including the ability to lucidly explain complex security topics to non-security engineers.
  • Willingness to travel occasionally and represent our work.
  • Comfortable collaborating with individuals/teams remotely using instant messaging and teleconferencing.
  • Being able to work in a self-directed manner in pursuit of the team’s technical goals

Preferred Qualifications:

  • Master’s degree or higher in computer science / information technology, or demonstrable equivalent experience in the field in terms of being able to think analytically and synthetically about the subject, express abstract concepts, etc.
  • Familiarity with Kerberos
  • Familiarity with InCommon/Shiboleth
  • Fluency in C/C++
  • Familiarity with operating services on commodity cloud environments such as Amazon Web Services or Google Cloud Platform
  • Familiarity with Kubernetes
  • Familiarity with Vault

Submission materials: Please include a cover letter describing your interest in this position, a CV or resume summarizing your relevant experience, and links to any open source contributions that you would like to draw to our attention. Applications received prior to October 25th will receive full consideration.

Also, please list 3 professional references who will only be contacted during the late stages of the interview process. Address any questions about the application process to: employment@aura-astronomy.org.

About AURA: The Association of Universities for Research in Astronomy (AURA), is a consortium of over 40 US institutions and four international affiliates that operates world-class astronomical observatories. AURA’s role is to establish, nurture, and promote public observatories and facilities that advance innovative astronomical research. AURA is responsible for managing the operations of the NSF’s Nation Optical-Infrared Astronomy Research Laboratory, the National Solar Observatory, and the construction of the Large Synoptic Survey Telescope and the Daniel K. Inouye Solar Telescope under cooperative agreements with the National Science Foundation and operations of the Space Telescope Science Institute under contracts with NASA.

AURA, as a leader in the astronomical community, is committed to diversity and inclusion. AURA develops and supports programs that advance our organizational commitment to diversity, broaden participation, and encourage the advancement of diversity throughout the astronomical scientific workforce. Learn more at http://www.aura-astronomy.org/diversity

As a recipient of U.S. Government funding, AURA is considered a government contractor and is subject to Equal Employment Opportunity and Affirmative Action regulations. As an Equal Opportunity and Affirmative Action Employer, AURA and all of the centers, do not discriminate based on race, sex, color, age, religion, national origin, sexual orientation, gender identity/gender identity expression, lawful political affiliations, veteran status, disability, and/or any other legally protected status under applicable federal, state, and local equal opportunity laws. 

Preference granted to qualified Native Americans living on or near the Tohono O'odham reservation.

Veterans, disabled individuals or wounded warriors needing assistance with the employment process should request assistance at employment@aura-astronomy.org



Security Clearance

NO Security Clearance

Apply Now