Required Security DevOps Engineer
Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate – MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.
Realize your potential by joining the leading performance-driven advertising company!
The ideal candidate will bridge high-level security governance with hands-on, automated security implementation across the Software Development Life Cycle (SDLC).
This individual will be a critical enabler, empowering teams to move swiftly and deliver exceptional value to our clients, all while upholding the required security standards. A proven track record in successfully balancing rapid innovation with robust security practices is essential for this role.
How youll make an impact:
As the DevSecOps Engineer, you will be responsible for creating a secure-by-design culture and leading the operational implementation of our security strategy. You will:
Build the Secure SDLC (SSDLC) Strategy: Develop, own, and execute the companys comprehensive DevSecOps strategy, focusing on automation to manage security at scale from code check-in to production deployment.
Lead Key Security Engineering Initiatives: Lead and manage security engineering programs, including:
Maturing the security tools stack (e.g., implementing WAF, and automating SCA/SAST tools).
Owning the bug bounty and responsible disclosure programs triage and remediation tracking.
Enhancing the Identity and Access Management (IAM) framework through concepts like Just-In-Time (JIT) and Zero Trust principles.
Operationalize CVE Tracking and Remediation: Design and implement a scalable system for discovering, tracking, and prioritizing Common Vulnerabilities and Exposures (CVEs) in third-party and custom code. Drive the engineering teams to achieve security risk remediation goals by providing clear, actionable data and automated patching mechanisms.
Measure & Drive Improvement: Develop and maintain key DevSecOps metrics (e.g., Mean Time To Detect/Remediate – MTTD/MTTR, percentage of code coverage by SAST/SCA tools) to measure the effectiveness of automated controls and provide a data-driven picture of the application security posture.
Embed Security Engineering: Spearhead R&D DevSecOps initiatives, partnering directly with engineering teams to select, deploy, and maintain security tools, establishing security gates and best practices throughout the product development lifecycle.
Requirements:
Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10).
DevSecOps Focus: Proven ability to shift left security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies.
Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products.
Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process.
Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs).
Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging security as code principles and automating evidence collection to demonstrate compliance across the pipeline.
Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck.
Deep DevSecOps Expertise: 5+ years of experience in a senior DevSecOps or Application/Product Security role, with a strong, working knowledge of DevSecOps principles and the modern application threat landscape (e.g., OWASP Top 10).
DevSecOps Focus: Proven ability to shift left security by embedding automated security controls (SAST, DAST, SCA, IAST) into CI/CD pipelines.
Open Source Security & Supply Chain Mastery: Deep, hands-on experience managing and hardening open-source software dependencies.
Key Focus: Expertise in utilizing Software Composition Analysis (SCA) tools (e.g., Dependency-Check, Snyk, Black Duck) to maintain an accurate Software Bill of Materials (SBOM) for all products.
Vulnerability & Risk Management Pro: Proven ability to establish and own a continuous CVE tracking and remediation process.
Key Focus: Expertise in risk-rating vulnerabilities based on exploitability and business impact, and driving engineering teams to remediate security risks efficiently using automation and clear Service Level Objectives (SLOs).
Audit & Compliance Automation: Proven, hands-on experience managing security audits and certification programs (e.g., SOC 2, ISO 27001) by leveraging security as code principles and automating evidence collection to demonstrate compliance across the pipeline.
Leadership & Influence: Strong leadership skills with the ability to build consensus and partner with R&D, Platform Engineering, and IT teams to embed security practices without being a bottleneck.
This position is open to all candidates.
