Senior DevSecOps

We are a fast growing company that's focusing on improving and streamlining secure engineering and operational practices. Day to day responsibilities include design, implementation, and monitoring of security-oriented tooling, processes, automations, and compliance. This role will work closely with and provide security-related expertise to DevOps, Engineering, Compliance, and Legal roles.

Our platform requires 24/7 reliability and security (and thus after hours work is sometimes necessary), however we architect our infrastructure and applications with high-availability at top of mind so most updates and maintenance can be performed during normal business hours.

Duties and Responsibilities:

• Lead efforts to identify, prioritize, and remediate security-related issues across infrastructure and the software development lifecycle.
• Work with compliance, legal, and auditors to enable successful implementation of security and compliance frameworks/standards.
• Heavy focus on automation, documentation, collaboration, and training.

• Other duties as assigned.

Soft Skills:

• Self-starter with strong discipline and work ethic.
• Ability to quickly learn and adapt to new environments and tooling.
• Strong communication skills/be able to work in a collaborative environment.
• Ability to solve problems efficiently, effectively, and independently.

Required Experience:

• 5+ years of experience maintaining Linux server environments.
• 2+ years of experience in cloud environments. (Google Cloud preferred)
• 2+ years of experience with Docker and Kubernetes.
• Proficient in Bash and one or more other scripting languages.
• Familiar with automated configuration management, provisioning, and IaC tools and concepts. (Terraform, Salt, etc.)
• Knowledge of SOC, ISO27001, CIS, NIST, GDPR, CCPA, PCI-DSS and other privacy and security frameworks/standards.
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools.
• Deep knowledge of key management systems, certificate management, encryption, penetration testing, vulnerability scanning, security and monitoring tools, etc.
• Experience with SIRP, SIEM, and IDS/IPS/WAF solutions.
• Ability to work with APIs to integrate security tooling into CI/CD pipelines, reports, and automated processes.
• Knowledge of common attack vectors including OWASP Top 10, DDoS, Phishing, etc.

Physical Requirements:

• Prolonged periods of sitting, or standing if preferred, at a desk and working on a computer.

Limitations and Disclaimer:

The above job description is meant to describe the general nature and level of work performed; it is not intended as an exhaustive list of all duties, responsibilities, and required skills for the position. Employees will be required to follow any other job-related instructions and to perform other duties requested by their supervisor in compliance with Federal and State laws. The job description is subject to change at any time. Continued employment remains on an "at-will" basis.

***This position can be fully remote or in office**