Senior SecOps Engineer
Remote job description
Lendi is Australia's #1 home loan platform and we're building technology-enabled to take the hard work out of home loans. We're passionate about how technology can revolutionise our industry and solve a key pain point in peoples' lives.
Lendi is looking for an experienced SecOps engineer to join our Platform team. The Platform team builds cross-team tooling and services that empower our product teams to deliver customer value efficiently, with confidence and to a high degree of quality.
The engineering department is going through significant changes and there are opportunities for you to help grow and shape the culture and technology going forward.
The Platform team is a small, tight and highly collaborative team working across multiple disciplines. We like to have fun and we work hard at looking after each other.
What you'll be doing:
You will be a valued member of our engineering team. We value evidence-backed opinions and will have the opportunity to play an integral part in driving the engineering team's rhythm, culture and processes with opportunities in planning and resource allocation, architecture and design, coding, deployment, and support.
- Promoting the security principles for the wider engineering team by leading:
- Threat modelling exercises
- Security awareness sessions
- Leading security initiatives such as:
- Maintaining a cyber security risk register
- Penetration testing
- Security monitoring
- Vendor assessments
- Working and coding with engineering teams to increase their developmental security practices
- Collaborating with the operations team to improve our security posture through COTS products and network infrastructure
- Vulnerability and Threat Management - Monitoring and Assessment, in the k8s container space.
- Collaborating with other business units such as compliance, marketing and data as required
- Working as part of a cross-functional dev/ops and sec/ops team as an individual contributor
- Mentoring junior members of the team on security best practices
- Providing expertise in identifying, analysing and addressing security concerns
- Establishes and promotes automated IT security solution frameworks for re-use in development and production scenarios.
- Evaluates new processes, products and tools to drive continuous improvement and reduced risk in IT security
- Create increased visibility into the security of the infrastructure and, ultimately, create a stronger security posture
What you'll bring:
- A passion for promoting a security-first culture where security is at the forefront of everyone's mind
- A solid and up-to-date understanding of security best practices, with a focus on cloud controls, design, incident handling procedures and management
- A desire to make security simple
- Strong experience in designing and securing microservices deployed to the cloud
- Experience working with configuration as code and CI/CD
- A strong grasp on best practices and the ability to guide
- A "You build it, you own it!" mentality
- A desire to continually improve the way in that you and your teamwork
- The ability to communicate clearly and effectively with your peers, managers and stakeholders
- Empathy for your colleagues and the challenges they face
- Deep knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus
- Hands-on experience in implementing and maintaining security controls across a range of infrastructure, including Cloud.
- Knowledge and experience with cloud-native security tooling (particularly in AWS), as well as access management solutions (Auth0)
- Experience with logging and monitoring in a security context
- A passion for maintaining high-quality secure code, identifying common coding flaws, security issues around operation and management of software.
- Perform security assessments to ensure that vulnerabilities are patched and security best practices are applied
It would be great to bring, but is not required to have:
- Experience working with AWS e.g. CloudFormation, Terraform, IAM, WAF
- Experience with Node.js and/or Typescript
- Experience with Docker and containerised environments
- Experience with Serverless and serverless architectures
- Experience in securing workloads in a Kubernetes environment
- Understanding of event-driven systems
- A background in software development
- An interest in "red team" methodologies
Benefits and perks:
- We take Career development seriously. We have the opportunities, budget and frameworks in place to propel your career in the direction you want to take it
- 'Flex First' - flexibility of remote working (home and/or office)
- A week's additional annual leave after 3 years' service
- 'Awesome Days' - an extra day's leave a year to do something awesome!
Lendi is an equal opportunity employer and values diversity at our company.
Job title: Senior SecOps Engineer at Lendi (Sydney, Australia) (allows remote)
Job tags: security, aws, devsecops, penetration testing, microservices