Responsibilities
- Design, build, and maintain security tools, scripts, and automations to enhance the effectiveness and efficiency of security workflows.
- Partner with Engineering teams to manage and drive remediation of security vulnerabilities identified via internal and external sources.
- Evaluate and prioritize security risks based on industry standards (e.g., CVSS, CWE) and business context to ensure timely risk reduction.
- Recommend, implement, and optimize technical controls to effectively reduce organizational risk.
- Ensure security policies and standards are being properly applied throughout the entire organization.
- Manage and optimize a suite of security tools, including SOAR, EDR, DLP, and other solutions.
- Author Agile stories, estimate story points, and assist with sprint planning and retrospectives.
- Maintain and create secure development best practices for our engineering teams.
- Identify risks in software architecture and internal development processes.
- Participate in a rotating on-call schedule for incident monitoring and triaging of security-related events.
Requirements
- 5+ years of experience in Information Security, DevSecOps, or a combined background in DevOps/Software Engineering, with a focus on vulnerability management and technical security assessments.
- Deep technical understanding of modern systems architecture, including Cloud (AWS), containers/orchestration (Kubernetes, Docker), and serverless workflows.
- Experience with vulnerability analysis, including understanding CVEs and identifying/remediating security issues within application code.
- Proficiency in a Git-based development environment, including workflows like CI/CD, PRs, and repository management.
- Experience integrating security tooling into CI/CD pipelines and using Agile/Lean methodologies with tools like JIRA/Confluence.
- Literacy in at least one modern programming or scripting language (e.g., Python, Ruby, Java, JavaScript).
- Experience designing, building, or operating SOAR or SIEM platforms, and utilizing system metrics for security monitoring and alerting.
- Effective written and verbal communication skills, with a proven ability to collaborate and drive security initiatives across technical and non-technical teams.
Nice to Have
- Knowledge of security standards and compliance frameworks (e.g., PCI, SOC2, NIST 800-53).
- 2+ years working directly on a DevOps or DevSecOps team.
- Expertise in Infrastructure-as-Code (IaC), including using Terraform to manage and implement secure cloud architectures (AWS).
- Experience building pipelines for Continuous Delivery and integrating SDLC security tooling and flexible automations.
- Advanced experience with security operations technologies, including SOAR/SIEM solutions, incident response, and root cause analysis.
- Ability to perform security troubleshooting in complex cloud and container environments.
- Relevant security certifications (CISSP, CCSP, GCIA, GCIH) are a plus.
- Proven ability to drive organizational change regarding security and a passion for innovative security projects.
- Comfortable working in a fast-paced, rapidly scaling, and complex product environment.


