About the job
Onapsis is on a mission to safeguard the most critical business applications that businesses depend on daily. Over 20% of the Fortune 100 rely on Onapsis to secure their business-critical applications and ensure they are compliant and available.
We are looking for self-motivated and enthusiastic DevSecOps Engineers who want to impact cybersecurity by continuing to advance, maintain, and enhance our platform features in Threat Detection & Response, Vulnerability Management, and Compliance Automation.
What you will be doing, your legacy:
Working with leadership, product management, and the Onapsis Engineering and Operations teams, you will evaluate, scope, propose, and build features to fulfill business solution requirements to protect our customers and move our SDLC towards a more security-centric approach (Shift-Left-On-Security). You will work collaboratively with a team of InfoSec and Platform Engineers, SREs, and product managers to iterate toward a secure product definition and realization. Additionally, you will work in close integration with our DevOps team to take the CI/CD frameworks, SDLC, and related tools to the next level of maturity in terms of security, technologies, and architecture design while advancing our quality engineering processes to deliver high-quality products and services.
Requirements:
- Passionate about learning new technologies and helping build the technical strategy
- 1+ years of professional experience in DevOps practices and Cloud Computing technologies
- Excellent knowledge of Version Control Tools and CI/CD Tools (Git, GitLab) and related concepts such as branching/versioning strategies etc.
- Good knowledge of IAC and related technologies such as Terraform
- Hands-on experience in developing CI/CD workflows/pipelines
- Good knowledge of AWS Cloud Technologies (S3, EC2, Lambda)
- Good knowledge of containerization technologies such as Docker and related orchestration frameworks such as Kubernetes
- Good knowledge of Linux environments around system administration, networking, IAM, and basic troubleshooting skills.
- Knowledge of troubleshooting distributed systems using observability and monitoring tools such as New Relic, Grafana, or OpenTelemetry stack
- 1+ years of professional experience in Cybersecurity practices with expertise in:
  - Penetration testing and related frameworks
  - SAST, DAST, SCA, OSS concepts and associated tools
- Security Compliance and Auditing knowledge is considered a plus: ISO 27001/27002, NIST 800-53, PCI DSS, CIS Critical Security Controls, etc.
- Understanding of the concepts and technologies behind Shift-Left-On-Security approaches, and hands-on experience in implementing them in the SDLC
- Hands-on experience in conducting a Threat Modeling exercise
- Hands-on experience in Security Operations is considered a plus
- Some key activities:
  - Conduct internal software security training.
  - Conduct and design Incremental Security tests.
  - Conduct platform security assessments and vulnerability patching.
  - Perform Security code reviews.
  - Verify reported vulnerabilities and exploits.
  - Evaluate Security Releases and generate reports.
- Good understanding of the Software Development Life Cycle and its phases and how to implement a Shift-Left-On-Security Approach
- Programming experience with any OOP/Scripting Language (Python, Bash, etc.)
- Bachelor’s Degree in Systems Engineering, Computer Science, or a related field.
- Great verbal and written communication skills are needed for team collaboration
Desired skills or interests in:
- Cybersecurity and DevOps
- Security software development best practices
- Cloud-native application development and Cloud Technologies
- Experience taking a leading role in building complex software systems that have been successfully delivered to customers
- Knowledge of professional software engineering practices & best practices for the full secure software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations
- Advocacy for a Shift-Left-On-Security approach and its related technologies and frameworks
- Experience with distributed computing and enterprise-wide systems
- Experience in communicating with users, other technical teams, and senior management to collect requirements, describe software product features, technical designs, and product strategy
- Experience influencing software engineers' best practices within your team
- Excellent written and oral English skills
What we offer:
- A role in shaping the future of protecting the most critical applications that run the world's business and a career that grows as the company grows.
- A unique culture of high achievement and teamwork.
- Supportive and humble colleagues who are the space's top problem solvers and innovators.
- Financial security through competitive compensation and incentives.
Employment: Please note that this is a full-time employee role. No B2B or SRLs will be accommodated.
Location: Onapsis has established a new development center in Bucharest. This is a hybrid role, so candidates must be commutable to Bucharest.
About Onapsis:
Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications.
Onapsis is headquartered in Boston, MA, with offices in Dallas, TX, Heidelberg, Germany, Bucharest, Romania, and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.
Onapsis only invites candidates to apply directly through reputable job boards or the Onapsis careers page on our website. Job offers are extended only after a face-to-face video interview with an Onapsis HR representative. Please disregard any outreach from Onapsis via forums, social networks, or other platforms, as these are fraudulent.
For more information, connect with Onapsis on LinkedIn or visit https://www.onapsis.com.
What We Do
Onapsis protects the mission-critical applications that run the global economy, from the core to the cloud. The Onapsis Platform uniquely delivers actionable insight, secure change, automated governance and continuous monitoring for critical systems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendors such as SAP, Oracle, Salesforce and others.
Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina. We proudly serve more than 300 of the world’s leading brands, including 20% of the Fortune 100, 6 of the top 10 automotive companies, 5 of the top 10 chemical companies, 4 of the top 10 technology companies and 3 of the top 10 oil and gas companies.
The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 800 zero-day vulnerabilities in mission-critical applications. The reach of our threat research and platform is broadened through leading consulting and audit firms such as Accenture, Deloitte, IBM, PwC and Verizon—making Onapsis solutions the de-facto standard in helping organizations protect their cloud, hybrid and on-premises mission-critical information and processes.