The DevSecOps Engineer would need to have at least 2+ years of experience. For this role, you must be an enthusiastic self-starter. Your role will be working on the security strategy governing the application and cloud-based platform infrastructure. You will work with other infrastructure, DevOps, and application engineers to understand the product and business needs, provide expertise around application and cloud service development, as well as define and own clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities, and other attack vectors.
- Build and maintain an AWS cloud infrastructure architecture aligning security, compliance, performance, and resilience
- Provide expertise and best practices for implementing cloud security (internal) and product security (external)
- Support and conduct internal audits, help mitigate findings and implement improvement measures.
- Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives
- Oversee the management and remediation of identified security flaws within our development platforms
- Build and maintain monitoring, auditing, and reporting frameworks that produce artifacts that support security and compliance needs
- Build and maintain a set of tools that enable developers to self-serve for most operational tasks
- Develop processes that produce artifacts that support security and compliance requirements
- Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
- Significant knowledge of AWS systems, including EC2, IAM, CloudWatch, CloudTrail, Config, Lambda, Security Groups, VPCs, WAF, Guard Duty, Inspector, etc.
- Experience with cloud-based security management/IDS/IPS/SIEM tools, such as Splunk, Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, etc.
- Programming or scripting experience with a popular modern language utilized by the above tools (Java, Python, Ruby, etc.).
- Experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
- Life-long learner - always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation and protection paradigms, etc.
- Self-motivated, proactive, driven individual
- Industry-recognized certification (CEH) is preferred.
apply with your résumé to get
the conversation started