DevSecOps Engineer

• Security Automation: Develop and maintain automated security tools and processes to identify vulnerabilities, perform code analysis,monitor systems and conduct security testing. This includes integrating security scanners, static code analysis tools, and vulnerability assessment tools into the CI/CD pipeline
• Secure Infrastructure: Work with infrastructure and operations teams to design and implement secure cloud infrastructure, network architecture, and deployment processes. This involves ensuring proper access controls, encryption, and monitoring are in place
• Continuous Monitoring: Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies. This includes log analysis, intrusion detection, and system monitoring
• Collaboration and Communication: Foster collaboration and communication between development, operations, and security teams. Act as a liaison to ensure that security requirements are understood and integrated into the development process
• Compliance and Auditing: Assist in compliance assessments and audits to ensure adherence to regulatory requirements and industry standards. Collaborate with auditors and provide necessary documentation and evidence of security controls

• 3+ years in Security, SecOps, or DevSecOps roles
• Hands-on experience creating, identifying and fixing infrastructure misconfigurations using policy-as-code and IaC security scanning tools such as Checkov, tfsec, or Terrascan
• Basic programming skills in JavaScript, TypeScript, Python
• experience with version control (e.g., Git) and CI/CD pipelines
• Manage and tune WAF and firewall configurations (e.g., Cloudflare or equivalent) to protect
• Familiarity with security principles, standards, and best practices, including common vulnerabilities (e.g., OWASP Top 10), secure coding, encryption, authentication, access control, and security testing
• Proficiency in methodologies and tools, including understanding CI/CD pipelines, infrastructure automation (e.g., Docker, Kubernetes), configuration management, and monitoring/observability
• Ability to assess risks and apply security controls, encompassing an understanding of threat modeling, risk assessment techniques, vulnerability management, and incident response planning
• Effective collaboration with cross-functional teams (developers, security, operations), promoting security practices, and integrating security seamlessly into the development process
• Proficiency in automation tools
• knowledge of security scanners (e.g., SAST, DAST), vulnerability management systems, log analysis tools, and security-focused frameworks for automating security processes

While not mandatory, possessing relevant security certifications is considered advantageous, enhancing credibility and demonstrating commitment to security practices.

• Stock grant opportunities dependent on your role, employment status and location
• Additional perks and benefits based on your employment status and country
• The flexibility of remote work, including optional WeWork access