SSENSE is looking for an DevSecOps to join our rapidly growing technology team. They will work seamlessly with our ITOps and DevOps teams to drive all aspects of securing Infrastructure, Information and the design, build, and automation processes of our operations.
We’re seeking a highly technical cloud computing security expert with DevOps automation experience to work on enabling a secure foundation for hosting critical workloads in our Multi-Cloud Platforms. As a member of the SSENSE Information Security team, you will work to embrace cloud-based technologies across multiple providers (AWS, Google, Azure) supporting differing service categories (IaaS, SaaS, PaaS). You will work with our application developers to establish best practices and the most secure cloud platform with automated, repeatable processes.
While you must be able to communicate effectively with our customers to help them understand security issues and solutions as well as continuous delivery/Cloud concepts, this is very much a “hands-on”role.
RESPONSIBILITIES
Develop security automation and APIs in the Public Cloud across the key pillars of security (i.e., IAM, CI/CD Security, Security Logging, Incident Response, Data Protection, Compliance Validation).
Vulnerability Management, Platform and Application Threat Modeling, etc.
Collaborate with all engineering departments to build and integrate existing security solutions.
Perform and participate in technical vulnerability assessments of systems currently in place in addition to security evaluations.
Implement secure design principles throughout the SDLC.
Manage security vendor products.
Driving the mitigation of reported risks from continuous monitoring solutions.
Gain deep security-level knowledge of cloud environments, and continuous monitoring solutions to understand and explain security risks and mitigation techniques.
Assist in the implementation of a formalized information security awareness offering.
Represent the Security Automation team with various stakeholders including App Development, Compliance, Legal, Cloud Engineering to gather requirements;negotiating acceptance of security controls, and influence stakeholders to adopt security controls.
Create automated solutions with Cloud Formation, Terra Form, Jenkins and other DevOps tools. While effective and articulate communication is essential, being able to breathe life into those ideas with code is equally critical. You will be expected to Evolve and strengthen the DevSecOps discipline with “Security as Code”to implement code-based preventive, detective, and reactive controls in the Public Cloud.
Engage with all levels of leadership to gather requirements and build appropriate cloud security technology roadmaps and implementation plans.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field
A minimum of 3 years experience in Security or Information Technology
A minimum of 2 years experience with AWS/Public Cloud (AWS, Google or Azure)
Experience with Python, Typescript, JavaScript or Bash
Experience with AWS SDK and CLI
Experience with JSON/CloudFormation/Terraform
Hands-on experience with Security Services in AWS such as IAM, KMS, VPC, Security Groups, and AWS Inspector
Expertise in at least four of the following: Data Protection, Compliance Validation, Vulnerability Analysis, Network Security, Infrastructure Security, CICD Security, Identity and Access Management, Logging and Monitoring, Incident Response, Big Data and Analytics, and Resiliency
Hands-on Experience with management services such as CloudWatch, Lambda and AWS Config. and Infrastructure and Platform Services (e.g., EC2, RDS)
Extensive knowledge of and skill with Docker, ECS, Kubernetes, and Containers
Additional Information
Ability to communicate technical concepts and complexity to all types of audiences
Ability to comply with regulatory requirements
Strong collaboration and influencing skills
High work ethic and results-oriented
High sense of accountability and ownership
Solution-oriented mindset and can-do attitude to overcome challenges
Team player with superior communication skills
Ability to thrive in a fast-paced environment and master frequently changing technologies and techniques
Ability to lead a project from initial conceptual stages through to completion