DevSecOps Engineer
San Francisco, California, United States - Remote
As a DevSecOps Engineer at Authorium, you'll play a vital role in building and maintaining our secure and scalable SaaS platform hosted on AWS by bridging the gap between development and security, implementing robust application security measures aligned with NIST 800-53, and engineering secure infrastructure. You'll work closely with developers, security experts, and other operations teams to ensure our platform's security, reliability, and performance.
- Application Security:
  - Integrate security vulnerability scanning, SAST, and DAST tools into the CI/CD pipeline.
  - Manage vulnerability and code scanning tools to ensure adequate coverage and efficient vulnerability remediation.
  - Conduct security reviews of code, APIs, and infrastructure designs.
  - Partner with the engineering team to implement security measures and remediate any discovered vulnerabilities.
- Security Infrastructure Engineering:
  - Design, build, and deploy secure infrastructure on AWS Commercial and AWS GovCloud using Infrastructure as Code (IaC) technologies like Terraform.
  - Oversee management of security controls within the AWS ecosystem, including IAM roles and policies, VPCs, security groups, and encryption.
  - Automate security tasks and configuration management.
  - Monitor and analyze security alerts to identify and respond to potential threats.
  - Collaborate with the DevOps team to integrate security considerations into CI/CD pipelines.
- Defence in Depth
- High-Availability/Disaster Recovery/Business Continuity
- Drift Detection/Remediation
- E2EE (end-to-end encryption)
- Role-based access controls (RBAC)
- Incident Response
- Least Privilege
- Familiarity with the following technologies:
  - Linux
  - Kubernetes
  - Helm
  - CircleCI
  - Git
  - GitHub Actions
  - AWS tools and services:
    - AWS Security Hub
    - Amazon GuardDuty
    - Amazon Inspector
    - Amazon CloudWatch
    - AWS CloudTrail
    - AWS WAF & Shield
    - AWS Key Management Service (KMS)
    - AWS Systems Manager Parameter Store
    - AWS Secrets Manager
    - AWS Lambda
    - AWS IAM
    - Amazon EC2
    - Amazon ECR
    - Amazon ECS
    - Amazon EKS
    - Amazon EFS
    - Amazon S3
    - Amazon RDS
- General DevSecOps:
  - Collaborate with development and security teams to define and implement DevSecOps principles and best practices.
  - Manage and automate security testing procedures within the CI/CD pipeline.
  - Stay informed about new DevSecOps tools and technologies.
  - Communicate effectively with technical and non-technical stakeholders.
Requirements
- Bachelor's degree in Information Security, Computer Science, or a related field or equivalent work experience.
- Minimum of 2 years of experience in information …
Job Profile
- Flexible PTO, home office stipend
- Tasks: Conduct security reviews
- Analytical, AWS, Bash, CircleCI, Communication, Compliance, Continuous Monitoring, DAST, DevSecOps, FedRAMP, Git, IAM, Incident Response, Information security, Kubernetes, Linux, NIST 800-53, Problem-solving, Python, RBAC, SaaS, SAST, Security Testing, Terraform, VPC
- Experience: 2 years
- Education: Bachelor's degree, Bachelor's degree in Computer Science, Bachelor's degree in information security, Computer Science, Design, Information Security, Related Field
- Timezones: America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9