DevSecOps Engineer

The Company 

An innovative product development company and execution partner. They specialize in building and launching exceptional products for clients in the retail and fintech sectors. For those seeking a company that values their expertise, encourages growth, and treats them like valued individuals, this is the perfect fit. They are committed to fostering a fun environment where employees find purpose and enjoy days filled with innovation and opportunities to expand their skill set.

The Role 

• Integration of Security Tools & Practices: Implement and maintain security tools within the CI/CD pipeline ensuring timely detection and correction of vulnerabilities.
• Automated Security Testing: Set up and manage tools that perform automated security testing of applications and infrastructure, such as SAST, DAST, IAST, and RASP.
• Cloud Security: Ensure the secure configuration and deployment of cloud resources. Provide expertise on cloud-native security solutions.
• Container Security: Secure containerized applications throughout their lifecycle, from build to deployment.
• Security Awareness & Training: Collaborate with development teams to enhance their security knowledge and integrate security practices into their workflows.
• Incident Response: Collaborate with the security team on incident response plans and participate in incident handling when needed.
• Security Metrics & Reporting: Monitor and report on security metrics, providing insights and recommendations.
• Vulnerability Management: Work on patch management processes and engage in the timely resolution of identified vulnerabilities.
• Continuous Improvement: Stay updated on new security technologies, threats, and best practices. Recommend and implement improvements to enhance security without compromising the velocity of development.

Experience 

• 5 years in IT, with 3 years focused on DevSecOps roles.
• Demonstrated experience working in cloud environments, with a deep understanding of cloud architectures, services, and best practices.
• Proficiency in conducting penetration tests and thorough security analyses to identify vulnerabilities and suggest remediation measures.
• Strong coding capabilities, with experience in languages such as Python, Go, Java, JavaScript, and TypeScript, to develop and integrate security solutions.
• Possessing industry-specific certifications, such as AWS DevOps or Security, will be considered an advantage.
• Prior experience leading teams complemented by excellent communication and leadership abilities.
• Exceptional troubleshooting skills, with a knack for addressing complex technical issues.
• Demonstrated ability in IT Incident Response and handling security breaches.
• A foundational grasp of networking principles and experience with firewalls from brands like Fortigate, Palo Alto, and Mikrotik.