
DevSecOps Engineer
Posted 6 days ago

This is a fully remote position, open to applicants in Kansas.
• Security Automation & CI/CD Integration (Primary Focus): Integrate security controls and scanners (SAST, SCA, DAST, IaC, Container Security) into CI/CD workflows (GitHub Actions, Jenkins, GitLab CI, Azure DevOps).
• Design and oversee automated security processes throughout the build, test, and deployment phases.
• Implement security gates, enforce policies, and conduct compliance checks within pipelines.
• Cloud Security (AWS Focus): Safeguard cloud-native architectures within AWS (IAM, VPC, ECS/EKS, Lambda, S3, API Gateway).
• Integrate and operationalize CNAPP/CSPM tools (e.g., Wiz, Prisma Cloud).
• Enforce least privilege access, manage secrets, and provide runtime protections.
• Own Cloud Security: Establish and uphold security policies for our AWS environment, with a focus on containerized workloads (EKS/ECS) and serverless architectures (Lambda).
• Automate Compliance: Transition from manual verifications to building real-time monitoring and automated remediation for AWS resources, maintaining 'audit-ready' status for frameworks like PCI and ISO 27001.
• Lead Threat Modeling: Conduct thorough threat modeling on applications and designs, converting theoretical risks into actionable engineering strategies.
• Innovate with AI: Create security standards for Generative AI by leveraging AI-driven tools to assess our attack surface.
• Guard the Infrastructure: Secure our Infrastructure as Code (IaC) templates (Terraform/CloudFormation) and manage cloud primitives such as IAM, KMS, and WAF to uphold a 'least privilege' environment.
• An Experienced Defender: You possess 7-10 years in software engineering, DevOps, or cloud engineering, including 3+ years in a DevSecOps-focused role, with profound expertise in cloud security, vulnerability analysis, and incident response.
• A Cloud Specialist: You demonstrate significant expertise in the AWS environment and are highly skilled in securing Infrastructure as Code (Terraform) and containerized settings.
• Certified and Credentialed: You hold prestigious industry certifications (such as CISSP, SANS GIAC, or CASP) and have a solid understanding of compliance frameworks like PCI and ISO 27001.
• Technically Versatile: You are acquainted with OWASP, proficient with contemporary security tools, and capable of securing intricate API integrations and data protection layers.
• AI-Aware: You are knowledgeable about the changing landscape of AI regulations and possess the technical curiosity to explore how threat actors exploit AI to evade conventional controls.
• A Strategic Partner: You are a natural collaborator who can distill complex InfoSec initiatives into straightforward, manageable tasks for Engineering teams.
• An Elite Communicator: You can propose strategic methodologies to address legacy security issues and persuade stakeholders of the business advantages of a security-first approach.
• Core Skills & Capabilities: Extensive expertise in CI/CD pipelines (GitHub Actions, Jenkins).
• Strong practical experience with AWS cloud security.
• Proficiency in application security tools and their integration.
• Experience with container security (Docker, Kubernetes).
• Strong scripting/programming skills (Python, JavaScript).
• Understanding of modern DevSecOps and shift-left security practices.
• Excellent collaboration skills across engineering, security, and DevOps teams.
• Flexible vacation.
• Medical/dental/vision insurance.
• Traditional/Roth retirement savings options.
• Company-paid disability and life insurance.
• Flexible Spending Account & Limited FSA.
• Family-friendly parental leave, along with time off for volunteering and voting.
• Access to an on-demand wellness platform for you and five friends and family members.
• PerkSpot discount program offering deals from over 900 merchants nationwide.
Innovative Solutions