About the Company:
Our client is a market leader in online lending.
About the role:
100% remote (always)
The Senior DevSecOps Engineer adheres to standards, best practices, and internal processes and procedures, however, will also shape change, bringing both enhanced security and innovation to our systems. A “fail fast” approach is encouraged. The Senior DevSecOps Engineer will lead the current security initiatives (HashiCorp Vault, mutual TLS, SSO) to ensure our systems are robust, auditable, and resistant to external and internal threats of all types.
Duties & Responsibilities:
- Be the Subject Matter Expert of the technical requirements in compliance programs. (NIST, SOC2, PCI)
- Collaborate with InfoSec to identify security improvements and develop a roadmap to implement the improvements using automation and DevOps tools.
- Build and maintain HashiCorp Vault infrastructure and integrations.
- Develop and maintain client libraries to integrate DevSecOps tools.
- Develop Sentinel policies for HashiCorp Terraform.
- Maintain, mature, and audit security processes in our code and infrastructure.
- Automate and codify supporting security systems in all phases of the SLDC.
- Participate in compliance audits as security SME.
- Mentor junior team members and co-workers on security best practices.
- Work and collaborate effectively in a geographically dispersed team.
Create and document standardized processes, procedures and policies.
- Keep up to date on DevSecOps trends and best practices.
- May need to work off-hours in response to production issues or high impact system changes
- Demonstrated AWS experience and/or AWS Associate Level Certification
- Experience with AWS security and infrastructure best practices.
- Experience with compliance programs such as NIST, SOC2, and/or PCI.
- Experience with Kubernetes and securing container workloads.
- Experience with the infrastructure automation tools HashiCorp Terraform and AWS CloudFormation.
- Experience with security automation tools like HashiCorp Vault, AWS KMS, SSM, Secrets Manager, AWS Inspector.
- Experience with a programming language such as python, nodejs, go, c# or java
- Experience with networking concepts, terminology, and configuration
- Experience with PKI infrastructure, authentication protocols like OIDC, OAuth, and SAML.
- The ability to communicate with technical and non-technical co-workers, at all levels of the org chart