Senior DevSecOps Engineer

An established company transforming the customer support and service space using AI and Machine Learning technologies is looking for a Senior DevSecOps Engineer. The engineer will help define the security roadmap and take the lead in defining security protocols through technical solutions, process, and access control. The company is a well-funded startup with investments from top-tier investors in Silicon Valley and delivers a highly proactive customer support experience platform. The selected candidate will take ownership of projects and build features while working full-time and long-term. This position requires some overlap with the EST/PST time zones. 

Job Responsibilities:

• Analyze the SDLC pipeline for security issues from development to QA to production to post-production
• Identify and define solutions to ensure secure access for end-users and internal employees 
• Remediate potential vulnerabilities, ensure data is encrypted at rest and in motion
• Ensure security best practices, implement and practice industry-leading security protocols
• Build and monitor best practices with regard to customer data handling, internal employee access to customer data, production VPCs and supporting infrastructure
• Put into practice processes to facilitate employee provisioning (onboarding/offboarding), SSO (Single Sign On), and cloud permissions
• Participate in routine threat detection (port scanning, penetration testing, CVE updates, Container Vulnerability Scans) and remediate based on criticality
• Play a key role in working with auditors to ensure timely renewal of the SOC2, ISO27001, and HIPAA certifications 
• Participate in sprint planning and scrum ceremonies 
• Operationalize work in iterable chunks to avoid ambiguity
• Evaluate solutions from vendors and help the team to arrive at build/buy/adopt OSS decisions
• Prepare security policies and enforce them company-wide

Job Requirements:

• Bachelor’s/Master’s degree in Engineering, Computer Science (or equivalent experience)
• At least 3-5+ years of relevant experience as a DevSecOps engineer
• Deep understanding of securities and the complexities of best practices for SaaS products
• Familiarity with cloud platforms (GCP and other cloud providers)
• Experienced in automating and integrating security operations into DevOps processes
• extensive expertise in containerization (Docker) and Container orchestration (Docker-Swarm, Kubernetes)
• Proficient in performing automation via Terraform and Python scripts 
• Solid skills in Chef, Puppet, Ansible, and Jenkins to ensure that the CI/CD pipeline is secure
• Understand industry standard release automation tools and processes
• Familiar with SIRP, SIEM, and IDS/IPS/WAF solutions (Snort, Mod-Security in Open Source, Splunk, etc.)
• Proficient with modern Authentication and Authorization tools (OAuth2, SAML, LDAP, etc.) 
• Expertise in Auth0 and/or Okta or similar vendors
• Strong interpersonal and teaming skills in an extremely collaborative environment 
• Track record of working with a distributed team and previous SaaS startup experience
• Exceptional written and verbal communication skills 
• Strong ability to work with some levels of ambiguity in terms of requirements and develop documentation
• Comfortable working with Agile development methodology and fluent with Git/GitHub