About the role:
As a Security Operations Engineer, you will be responsible for ensuring the security of our software development and deployment processes while promoting a culture of security within our organization. You will collaborate closely with development, operations, and security teams to integrate security practices seamlessly throughout the software development lifecycle.
Responsibilities:
- Implement and manage security tools and technologies within the CI/CD pipeline.
- Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities.
- Implement security controls and best practices for infrastructure as code (IaC) and cloud environments.
- Automate security testing and compliance checks using scripting and configuration management tools.
- Monitor and analyze security events and incidents, responding promptly to mitigate threats.
- Provide guidance and support to development and operations teams on secure coding practices and infrastructure configurations.
- Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices.
- Collaborate with cross-functional teams to prioritize security initiatives and drive continuous improvement.
- Upon detection of a security incident, support a thorough investigation to assess the scope and impact of the incident.
- Analyze logs, network traffic, and system configurations to identify the root cause of the incident and determine the extent of any compromise.
- Collaborate with development, operations, and security teams to gather relevant information and context for incident analysis.
- Implement mitigation strategies to contain and remediate the security incident promptly.
- Utilize automation tools and scripts to facilitate rapid response and recovery efforts.
- Coordinate with relevant stakeholders to deploy patches, updates, or configuration changes to address vulnerabilities and prevent further exploitation.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
- 3+ years experience in SecOps cloud roles
- Proven experience in DevOps or software development roles, with a focus on security.
- Understanding of DevOps principles and methodologies.
- Hands-on experience with AWS cloud platforms and containerization technologies (e.g., Docker, Kubernetes).
- Proficiency in scripting languages such as Python, PowerShell, or Bash.
- Experience with security tools such as vulnerability scanners, intrusion detection systems (IDS), and security information and event management (SIEM) solutions.
- Familiarity with compliance standards such as PCI DSS, HIPAA, and GDPR.
- Excellent communication and collaboration skills, with the ability to work effectively in a team environment.
Preferred Qualifications:
- Security certifications such as CISSP, CEH, or AWS Certified Security Specialty.
- Experience with infrastructure as code tools (e.g., Terraform, Ansible, Chef).
- Knowledge of secure software development frameworks (e.g., OWASP).
- Experience with DevSecOps tools and practices (e.g., DevSecOps automation, shift-left security).
#LI-REMOTE #LI-NP1
