As a Senior DevSecOps Engineer on our Platform & Data team, you have the unique opportunity to help ensure security is built in from the beginning, not retrofitted. We’re building a brand new platform, and ensuring that robust security measures are built in is one of our core feature sets. You’ll be able to help with everything from ensuring we have a fully secure CI/CD pipeline that builds and deploys secure and compliant applications to equipping our infrastructure with proper governance and embedded security controls to prevent security loopholes.
Reporting into the VP of Technology and Security, you’ll be partnering with cross-functional teams to establish a strategic path in building out our platform with a shift-left security approach to implement security measures at each and every layer.
If you like working on automated security frameworks and building out a fully secure and compliant cloud infrastructure, we look forward to hearing from you!
What you’ll do:
· Evaluate a myriad of deployment scenarios (cloud, hybrid-cloud), services, models and technology to ensure they are secure and compliant with various industry standards (HIPAA, PII, SOX)
· Develop and guide technology risk management in collaboration with teams across the company to enable responsive, secure and cost-effective solutions
· Be highly versatile and technical, from heavy network engineering to application security and DevSecOps (Development, Security and Operations)
· Provide the best security guidance to secure a cloud-based service mesh environment
What you’ll need:
· 4+ years of experience in cloud / software security
· 3+ years of software experience in Java/Go/Python or equivalent; ability to write / understand software, specifically writing modules towards security within a platform or working with third parties to evaluate source code for vulnerabilities
· 3+ years of experience securing AWS infrastructure
· 2+ years of experience with Kubernetes (from a security perspective), working with large, service-mesh-enabled K8s clusters, or NetPol with Calico or similar
· Experience with security vulnerability assessments and tools (WAF, Inspector, GuardDuty, Threat Stack, other IDS/IPS tools, etc.)
· Experience building and maintaining CI/CD pipelines
What you’ll bring to the table:
· Solid knowledge of SSO methodologies (SAML, AD, LDAP)
· Strong understanding of network and security concepts including TCP/IP protocol stack, HTTP, HTTP/2, PKI, SSL, TLS, DTLS, mutual TLS, OAuth, Authentication, Authorization
· Understanding of application security (mTLS, SPIFFE, general understanding of HIPAA/SOX/PII/GDPR compliance)