Senior DevSecOps Engineer

Sorry, this job was removed at 09:21 p.m. (CST) on Wednesday, Jul 17, 2024
Easy Apply
Hiring Remotely in USA
Remote
Internship
AdTech • Cloud • Digital Media • Enterprise Web • Marketing Tech • Software
Built for the Big Stream™
The Role

Madhive is the leading tech company engineered for modern TV advertising. Advertisers seamlessly customize and automate the OTT buying process into an operating system with our self-service platform. Powered by our industry-leading bidder and device graph that processes 260 billion available ad opportunities per day, we deliver precise, brand-safe, audience connections efficiently at scale.

We are seeking an experienced Senior DevSecOps Engineer to join our Cybersecurity team. The successful candidate will enhance our security posture by focusing on the key functions of Protect, Detect, and Respond as outlined by the NIST Cybersecurity Framework. You will drive improvements in our CI/CD security, Cloud security, Attack Surface management, and Incident Response capabilities.

In this role, you will be a pivotal figure in shaping our cybersecurity strategy and execution. Collaboration with our development, operations, and product teams will be central to your responsibilities.

What you’ll do:

Protect:

  • Implement and manage safeguards to protect the organization’s cybersecurity assets.

  • Ensure the security of CI/CD pipelines through practices like static application security testing, security composition analysis, and version control system hardening.

  • Enhance secrets management with secure storage solutions and robust access controls.

  • Manage and secure container images through regular scanning and vulnerability assessments.

  • Conduct infrastructure and code vulnerability management; and cloud misconfiguration management to ensure secure cloud infrastructure.

  • Implement Robust Secret Management practices securely storing, accessing, and rotating secrets.

  • Implement automated remediation workflows for vulnerabilities and misconfigurations.

  • Conduct a thorough review of organization policies and align them with security best practices and compliance requirements.

    Detect:

  • Develop and implement threat management strategies and tools, including continuous monitoring.

  • Implement runtime security solutions to protect cloud workloads and instances from vulnerabilities and exploits.

  • Enhance cloud threat event monitoring using advanced analytics.

  • Deploy and manage Security Incident and Event Management (SIEM) solutions to centralize security event data.

  • Integrate threat intelligence feeds to identify emerging threats.

  • Strengthen network protection with Web app firewalls, intrusion detection systems (IDS), security based proxies, etc.

  • Enhance data loss prevention (DLP) capabilities to protect sensitive data from unauthorized access and exfiltration.

    Respond:

  • Create and maintain an Incident Response Plan based on the NIST Computer Security Incident Handling Guide.

  • Establish and manage an on-call rotation for incident triage and escalation.

  • Conduct incident analysis and digital forensics to understand and mitigate cybersecurity incidents.

  • Implement routine threat hunting activities based on threat intelligence and internal signals.

  • Develop incident response procedures and forensics capabilities to investigate security incidents, collect evidence, analyze root causes, and implement remediation measures to prevent recurrence.

Who you are:

  • 7+ years of experience in DevSecOps, Cloud Security, or a related role.

  • Industry recognized certification in Security, Cloud, or DevOps such as: CISSP, Sec+, SANS GIAC, OSCP, CCSP, AWS, GCP, CKS, Terraform, etc.

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field AND/OR relevant military cybersecurity training

  • Expertise in securing CI/CD pipelines ​​incorporating automated security testing, vulnerability scanning, and compliance checks. 

  • Strong understanding and experience securing cloud platforms (GCP, AWS) and related security tools.

  • Strong experience with infrastructure as code (IaC) and configuration management tools such as Terraform, CloudFormation, or Ansible.

  • Solid understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes, OpenShift, GKE, EKS) and securing containerized applications.

  • Hands-on experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning.

  • Strong skills in scripting languages (e.g., Python, Bash) for automation and tool integration.

  • Proficiency in Attack surface management, Cloud Security Posture Management and Vulnerability Management

  • Knowledge of incident response, threat hunting, and digital forensics.

  • Familiarity with compliance standards such as NIST, GDPR, and SOC1/2/3.

  • Excellent problem-solving skills and the ability to work in a fast-paced environment.

  • Strong communication and collaboration skills.

We are Madhive

We empower our clients to create enduring relationships with consumers through maximum-fidelity, TV-first technology that elevates media, embodies relentless innovation, and ensures unrivaled revenue acceleration.

Madhive is a dynamic, diverse, innovative, and friendly place to work. We embrace our differences and believe they fuel our creativity. We come from varied backgrounds and think that’s important. Whether it’s taking ideas from previous lives and applying them in different ways or creating something completely new, we are all trail-blazing team players who think big and want to make an impact. 

We are committed to cultivating a culture of inclusion and collaboration. We welcome diversity in education, culture, opinions, race, ethnicity, gender identity, veteran status, religion, disability, sexual orientation, and beliefs.

Please be advised that we will NOT be using third-party recruiting agencies for this search.

What the Team is Saying

Angelique
Eva
Meghan
Louis
Mariya
Scott
Stephanie
Erricka
Megan
Elan
The Company
HQ: New York, NY
180 Employees
Hybrid Workplace
Year Founded: 2017

What We Do

Madhive is the leading technology company engineered for modern TV advertising. Through its self-service platform, Madhive modernizes legacy systems, enabling advertisers to automate the ad buying process into one operating system seamlessly. This allows advertisers to plan, target, activate, and measure their campaigns with greater simplicity, accountability, reach, and control. Powered by an industry-leading bidder and device graph that processes billions of available ad opportunities per day, Madhive delivers precise, brand-safe audience connections efficiently at scale. The company is trusted by the leading local content owners, creators, distributors, national agencies, and brands, powering millions of dollars in media across 20,000+ daily campaigns. To learn more, visit www.madhive.com.

Why Work With Us

Madhive offers the only omnichannel enterprise software solution designed to modernize adtech. We’re a place for bold thinkers who want to drive change. With a strong focus on skill development and professional growth, Madhive fosters an open, entrepreneurial environment where each team member is empowered to make a meaningful impact.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Madhive Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Madhive prioritizes flexibility; team members can work remotely, in person at our office, or a combination of the two. For those domiciled close to our NYC HQ, we encourage them to take advantage of in-office culture and collaboration.

Typical time on-site: Not Specified
HQNew York, NY
Canada
Argentina
Mexico
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account