Were looking for an experienced DevSecOps Engineer to join our team and verify that our cloud environments and CI/CD flows are secured according to best practices.
As a SecDevOps Engineer, youll lead our security efforts around our dynamic and fast-paced production environments. Youll define and create operation tools and processes, and play a hands-on role in directly impacting work across all R&D flows.
Responsibilities:
Secure and monitor live production environments.
Perform security drill-downs and investigations.
Act as a subject matter expert and manage security incidents across all organizational environments.
Implement monitoring and alerting procedures and mechanisms.
Design and implement automation processes for security monitoring and incident response-related flows.
Design, implement, and develop security solutions according to R&D/production needs.
Work with our R&D teams and architects to design, enhance, and implement best-of-breed security topologies.
Identify new security threats, and trends by conducting continuous monitoring, vulnerability assessments, and log analyses.
Conduct regular internal and external security assessments, vulnerability scans, and penetration testing of systems and applications to identify and remediate security weaknesses and threats.
Manage our bug bounty program.
Maintain documentation of security processes, procedures, and configurations.
Generate regular reports on security metrics, compliance, and incident response activities for management and stakeholders.
Requirements: 3+ years of hands-on DevOps experience in a cloud environment.
1+ years of relevant industry experience in security, with a solid knowledge of information security principles and practices.
Experience with Kubernetes, containers, and serverless security.
Experience integrating security into CI/CD pipelines.
Knowledge and experience with cloud vendors such as GCP/AWS - Must
In-depth understanding and proven experience in security monitoring and analytics.
AppSec - Knowledge of SSDLC best practices around application security.
Strong understanding of cybersecurity and network principles.
Advantages:
Solid understanding of security/operations infrastructure.
Experience with large-scale cloud infrastructures and services.
Experience leading integration processes for SIEM systems.
Experience with incident response (IR) attacks and mitigation methods.
Experience building tools and processes using Python or Go to address security-related needs.
Experience running forensic investigations.
Experience with penetration testing or security research.
This position is open to all candidates.
