Join a fast-paced DevOps team that is responsible for all of the company’s AWS cloud infrastructure and implement security automation throughout the infrastructure and SDLC. The role is responsible for securely implementing business and technical requirements of various teams within the organization while maintaining regulatory compliance with programs such as NIST, SOC2, and PCI.
The Senior DevSecOps Engineer adheres to standards, best practices, and internal processes and procedures, however, will also shape change, bringing both enhanced security and innovation to our systems. A “fail fast” approach is encouraged. The Senior DevSecOps Engineer will lead the current security initiatives (HashiCorp Vault, mutual TLS, SSO) to ensure our systems are robust, auditable, and resistant to external and internal threats of all types.
Engineers joining this organization can expect to enjoy a culture embracing the concepts of Continuous Delivery, Total Quality Management, Knowledge Sharing, Personal and Career Advancement, Empowerment, Innovation, and Collective Ownership.
Duties & Responsibilities
- Be the Subject Matter Expert on the technical requirements in compliance programs. (NIST, SOC2, PCI)
- Collaborate with InfoSec to identify security improvements and develop a roadmap to implement the improvements using automation and DevOps tools.
- Build and maintain HashiCorp Vault infrastructure and integrations.
- Develop and maintain client libraries to integrate DevSecOps tools.
- Develop Sentinel policies for HashiCorp Terraform.
- Maintain, mature, and audit security processes in our code and infrastructure.
- Automate and codify supporting security systems in all phases of the SLDC.
- Participate in compliance audits as a security SME.
- Mentor junior team members and co-workers on security best practices.
- Work and collaborate effectively in a geographically dispersed team.
- Create and document standardized processes, procedures, and policies.
- Keep up to date on DevSecOps trends and best practices.
- May need to work off-hours in response to production issues or high impact system changes
- Demonstrated AWS experience and/or AWS Associate Level Certification
- Experience with AWS security and infrastructure best practices.
- Experience with compliance programs such as NIST, SOC2, and/or PCI.
- Experience with Kubernetes and securing container workloads.
- Experience with the infrastructure automation tools HashiCorp Terraform and AWS CloudFormation.
- Experience with security automation tools like HashiCorp Vault, AWS KMS, SSM, Secrets Manager, AWS Inspector.
- Experience with a programming language such as python, nodejs, go, c# or java
- Experience with networking concepts, terminology, and configuration
- Experience with PKI infrastructure, authentication protocols like OIDC, OAuth, and SAML.
- The ability to communicate with technical and non-technical co-workers, at all levels of the org chart
- Flexibility. There are multiple teams, all working on separate projects and individual schedules. The Technology Team often has to respond to incidents (system crashes, network outages, performance spikes) and juggle priorities, all while making steady, reportable progress on sprint objectives
- Willingness to speak openly, honestly, and professionally in planning meetings, then accept the decision of the group (or group leader) and lean in with the Team to accomplish the set task
- AWS Professional level certification or Security Specialty certification
- Demonstrated Systems Administration ability on both Windows and Linux
- Experience with Active Directory and AD Group Policies
- Some knowledge of different database platforms especially as implemented in the AWS cloud, and the SQL language