DevSecOps Engineer

This is a fully remote position, open to applicants in Europe.

📋 Description

• Create and sustain automated security tools and processes to detect vulnerabilities, execute code analysis, oversee systems, and conduct security assessments.

• Collaborate with infrastructure and operations teams to design and implement secure cloud infrastructures, network architectures, and deployment methodologies.

• Deploy security monitoring tools and processes to proactively detect and respond to security incidents and irregularities.

• Promote collaboration and communication among development, operations, and security teams.

• Support compliance evaluations and audits to ensure conformity with regulatory mandates and industry standards.

⛳️ Requirements

• Over 3 years of experience in Security, SecOps, or DevSecOps roles.

• Practical experience in identifying, creating, and rectifying infrastructure misconfigurations using policy-as-code and Infrastructure as Code (IaC) security scanning tools like Checkov, tfsec, or Terrascan.

• Fundamental programming skills in JavaScript, TypeScript, and Python; experience with version control systems (e.g., Git) and CI/CD pipelines.

• Manage and optimize WAF and firewall settings (e.g., Cloudflare or equivalent) for protection.

• Understanding of security principles, standards, and best practices, including common vulnerabilities (e.g., OWASP Top 10), secure coding practices, encryption, authentication, access control, and security testing.

• Competence in methodologies and tools, encompassing an understanding of CI/CD pipelines, infrastructure automation (e.g., Docker, Kubernetes), configuration management, and monitoring/observability.

• Capability to evaluate risks and implement security controls, with knowledge of threat modeling, risk assessment techniques, vulnerability management, and incident response planning.

• Strong ability to work effectively with cross-functional teams (developers, security, operations), advocating for security practices and seamlessly integrating security into the development lifecycle.

• Expertise in automation tools; familiarity with security scanners (e.g., SAST, DAST), vulnerability management platforms, log analysis tools, and security-focused frameworks for automating security practices.

• While not essential, holding relevant security certifications is seen as beneficial, enhancing credibility and showcasing commitment to security practices.

🏝️ Benefits

• Opportunities for stock grants based on your role, employment status, and location.

• Additional perks and benefits tailored to your employment status and country.

• Flexibility of remote work, including optional access to WeWork facilities.