Sr DevSecOps Engineer

About The Position

Requirements

• Passionate about security
• A team player who enjoys collaborating with cross-functional teams
• A great communicator (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Employs a flexible and constructive approach when solving problems
• Proficient with development and scripting languages, Python and JavaScript preferred
• Strong knowledge of data security principles, encryption techniques, access controls, and secure coding practices
• Experienced with infrastructure-as-code concepts and tooling, including Terraform and YAML
• Continuously looking for opportunities to improve our processes and capabilities
• Experienced working with application and engineering teams
• A self-directed individual contributor
• Bachelor's or equivalent experience with an emphasis in computer science, computer engineering, software engineering, or an MIS related field
• 5+ years of experience in cloud and on-prem technologies (systems administration of Unix/Linux/Windows, AWS PaaS databases, database activity monitoring, DSPM tools)
• 5+ years of experience in development, infrastructure, or cybersecurity
• Understanding of applicable risk management frameworks from NIST and Data Security Maturity Model
• Experience with CICD pipelines to automate application and infrastructure code deployments
• Experience with workload orchestration platforms such as Kubernetes
• Understanding of a wide-range of cybersecurity capabilities including data security, security engineering, identity and access management, incident response, logging and monitoring, and penetration testing
• Relevant certifications from GIAC, ISC(2), ISACA, and other recognized cybersecurity industry organizations

Responsibilities

• Engineer solutions with a focus on automation to reduce manual and repetitive tasks
• Guide and advise application and engineering teams in the area of Data Security
• Manage day-to-day support of Data Security tools integrated into our on-premise and cloud database environments (relational & NoSQL)
• Manage technical support of Data Security capabilities and respond to service and escalation tickets within service-level agreements
• Design, implement, and maintain procedures, processes, and methodologies that support DevSecOps capabilities
• Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats posing risk to our company
• Stay apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practices
• Manage remediation efforts after security assessment findings outline weaknesses requiring attention
• Mentor other staff members to ensure consistency, quality and productivity of deliverables