DevSecOps Engineer

What you get to do everyday!

• Implement security controls and best practices across CI/CD pipelines
• Ensure vulnerability assessments (including DAST and SAST) are part of every SDLC step.
• Provide security guidance to product engineering teams building software applications in compliance with industry standards (PCI-DSS, NIST, CIS, OWASP) in public cloud environments
• Provide architectural security guidance to DevOps team building cloud infrastructure in compliance with industry standards (PCI-DSS, NIST, CIS, OWASP) in public cloud environments
• Collaborate with development teams to implement secure coding practices
• Implement measures to improve security of software supply chain
• Develop best practices and security standards for KUBRA Cloud Platform
• Work with KUBRA Risk and Compliance team to support risk assessments by proactively providing mitigations to identified risks
• Work with KUBRA Security team to build appropriate threat models for KUBRA Cloud Platform services
• Maintain vulnerability and patch management processes inline with KUBRA security policy
• Work with KUBRA Security Operations team for incident response as necessary
• Identify opportunities and arrange for updated security training for KUBRA DevOps and Cloud Platform Engineering teams when appropriate

What kind of person you should be!

• You practice ‘Security as Code’ to ensure security baked in and automation.
• Highly organized and responsible.
• Maintain awareness of trends and changes in the Cybersecurity industry and threat landscape.
• Excellent written and verbal communications skills and an ability to maintain a high degree of professionalism in all client communications.
• Ability to influence others, build relationships, manage conflicts, and handle negotiations.
• Understanding and following the business strategy, objectives, and adjusting to performance metrics.
• Excellent, time management, problem-solving, and analytical skills.
• Ability to handle pressure and focus on results.

What you can expect from us!

• Award-winning culture that fosters growth, diversity and inclusion for all
• Paid day off for your birthday
• Free LinkedIn Learning subscription
• Annual performance-based bonuses
• Continued education with our education reimbursement program
• Flexible schedules
• Free unlimited access to our refreshment stations (fully stocked with tea, coffee and other beverages)
• Two paid days for volunteer opportunities
• Free on-site Fitness center
• Access to a ‘Tickets at Work’ membership
• A free premium membership for ‘Headspace’; an app geared towards mental health and wellbeing
• 401k Matching

What skills do you need?

• Experience in public cloud is required (AWS, Azure, GCP)
• At least 3-5 years of experience in Cyber Security roles with a preference in the engineering field.
• Experience work with software development or devops teams is preferred.
• Experience with Open Source Policy
• Experience in systems or network administration is preferred.
• Experience working with industry standard regulations and compliance frameworks (PCI-DSS, ISO, NIST, SANS, SOX, SOC II, HIPAA)