Required DevSecOps
About the Role:
As a DevSecOps engineer, you will be part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that keep our systems secure and compliant with our clients' high bar.
You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.
What you'll do:
Implement an application security program
Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
Implement an infrastructure security program
Integrate and implement CSPM controls within a high scale cloud environment.
Own strategy for security in IAM, secret management and similar security-critical components
Own security training and review for DevOps teams.
Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
Own compliance processes within DevOps
Build and continuously improve SOC2 compliance processes and audit readiness tooling
Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.
Requirements:
At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)
Experience managing SOC 2 or ISO 27001 certifications.
Strong software development capabilities and application security knowledge.
Strong expertise in AWS, Google Cloud, and Azure security best practices.
Hands-on work with CI/CD, IAC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)
Hands-on work with CSPM, SCA, SAST, secret scanning and similar tools (ORCA, Veracode, )
Hands-on work with building automations and integrations around security tools.
Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24×7 cloud security operations in regulated environments.
This position is open to all candidates.



















