Required DevSecOps Engineer
Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate - MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.
Requirements: Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10).
DevSecOps Focus: Proven ability to shift left security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies.
Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products.
Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process.
Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs).
Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging security as code principles and automating evidence collection to demonstrate compliance across the pipeline.
Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck.
This position is open to all candidates.