DevSecOps

Required DevSecOpsAbout the Role:As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients high bar.You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.What youll do:Implement an application security programDesign and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA toolsCollaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturityImplement an infrastructure security programIntegrate and implement CSPM controls within a high scale cloud environment.Own strategy for security in IAM, secret management and similar security-critical componentsOwn security training and review for DevOps teams.Orchestrate execution of penetration testing on infrastructure and application and a bug bounty programOwn compliance processes within DevOpsBuild and continuously improve SOC2 compliance processes and audit readiness toolingLead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.​Requirements: At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)Experience managing SoC2 or ISO 27001 certifications.Strong software development capabilities and application security knowledge.Strong expertise in AWS, Google Cloud, and Azure security best practices.​Hands-on work with CI/CD, IAC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)Hands-on work with CSPM, SCA, SAST, secret scanning and similar tools (ORCA, Veracode, )Hands-on work with building automations and integrations around security tools.Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24x7 cloud security operations in regulated environments.​This position is open to all candidates.