Job Description
$120k – $200k • 0.0% – 1.0%
Company Overview
You will help design, develop, and lead cross-functional efforts to secure both our infrastructure and application services. You will support documentation for compliance and contribute to procedures for system reliability and incident response. Management is optional but mentorship is key.
Job Description
As a core contributor to the DevOps team, you will help design and develop sophisticated infrastructure and tooling that is integral to the development of application services. You will be key in helping us leverage cutting-edge technologies not only for our own infrastructure but also in the design of our product offerings. Management is optional but mentorship is key.
Responsibilities
- Design, document, and execute a security and compliance program for infrastructure and apps
- Deploy, configure, and monitor security tools from endpoint solutions to code testing with CI/CD
- Conduct regular security assessments of our apps and architecture through penetration tests, vulnerability scans, threat modeling, and manual inspection
- Monitor security, drive response to vulnerabilities, and coordinate with incident responders
- Advise developers on resolving security findings to drive security compliance
- Participate in SOC2, regulatory, and other compliance audits
Requirements
- BA/BS preferred in a technical or engineering field
- 3+ years of experience
- Familiarity with security considerations such as isolating environments using network configurations, RBAC, security groups, bastion hosts or Amazon WorkSpaces, and firewall setups
- Experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudTrail, Security Hub, GuardDuty, CloudWatch, WAF, Shield, Secrets Manager, Cognito, KMS, and IAM for regulations such as SOX, GDPR, and PCI
- Experience with code scanning procedures such as SCA, SAST, DAST, and related frameworks/tools such as OWASP, Veracode or Black Duck
- Experience with vulnerability analysis, pen testing, and patch prioritization
- Effective understanding of security best practices such as least privilege, RBAC, protocols, authentication, authorization, endpoint security, network security, logging, and observability
Preference will be given to candidates with
- Experience using pen testing tools (Kali Linux, Burp Suite, Nmap, Metasploit, etc.)
- Experience with security policies for Terraform (IaC) controlling production infrastructure
- Experience training developers in various aspects of security, including secure coding, security requirements, static/dynamic security tools, etc.