DevSecOps Engineer Job Description
Join to apply for the Sr. DevSecOps Engineer role at Kaseya.
Kaseya® is a leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya’s best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success.
Roles And Responsibilities
* Security Testing and Analysis: performs regular security testing and analysis to identify vulnerabilities in the software development process. This includes conducting code reviews, penetration testing, and vulnerability scanning.
* Secure Infrastructure: ensures that the infrastructure used by the development team is secure. This includes configuring secure servers, monitoring security logs, and ensuring that security protocols are followed.
* Security Compliance: ensures that the development process adheres to security compliance standards, such as PCI-DSS, HIPAA, and GDPR.
* Security Automation: automates security processes, such as vulnerability scanning and code analysis, to ensure that security is integrated into the development process from the beginning.
* Security Education and Training: provides education and training to the development team to ensure that they are aware of security best practices and can implement them in their work.
* Incident Response: responds to security incidents, such as data breaches or cyber-attacks, by investigating and remedying the issue.
* Risk Assessment: performs risk assessments to identify potential security threats and develops mitigation strategies to reduce the risk of security breaches.
* Collaboration: works closely with the development team, operations team, and security team to ensure that security is integrated throughout the deployment process.
Knowledge & Experience
* Familiar with cloud platforms such as AWS, Azure DevOps, OpenStack and GCP. Understand how to secure cloud resources and how to integrate security into cloud-based applications.
* Experience with provisioning and automation using tools like Terraform, CloudFormation, Ansible, Puppet and OpenStack.
* Familiar with Continuous Integration/Continuous Deployment (CI/CD) Tools like AzureDevOps, Jenkins, CircleCI, GitLab, Travis CI.
* Experience with Security tools and concepts used in all processes from SDLC to pipeline deployment. Technologies include SAST, DAST, Linting, Secret Scanning, Pipeline job templating, repo management.
* Familiar with Source Code Management (SCM) tools like AzureDevOps, Bitbucket, GitHub, GitLab. Understand how to configure these tools to automate the testing and deployment of code while integrating security measures.
* Familiar with containerization technologies including Docker, PodMan, OpenShift and Kubernetes.
* Experience with infrastructure vulnerability scanners such as Nessus, Qualys, or OpenVAS. Understand how to use these tools to identify and remediate vulnerabilities in applications and infrastructure.
* Familiar with logging, SIEM and metrics tools such as Splunk, ELK Stack, Prometheus, Grafana, Kubernetes Logging.
* Experience with programming languages such as Bash, Python3, Ruby, Golang and PHP. They should be able to write code to automate security processes and integrate security into the overall development process.
* Familiar with encryption and key management tools: AWS KMS, Azure Key Vault, Google Cloud KMS, Hashicorp Vault, Kubernetes Secret Management.
* Experience Identity and Access Management (IAM): Okta, AWS IAM, Azure Active Directory, SAML.
* Familiar with code analysis tools like Linters, SonarQube, Snyk, Checkmarx, StackRox.
* Experience with web application firewall (WAF) tools on prem and in cloud, and assisting in tuning them on a per application basis.
General Qualifications And Experience
* Experience with driving cross-organizational changes.
* Default security-focused mindset.
* Ability to work effectively under pressure in a fast-paced environment.
* Good troubleshooting instincts and the ability to quickly triage / perform root-cause analysis.
* The desire and capability to see a problem through to completion.
* Ability to quickly acquire new skills and thrive in a team-based environment.
* Agility in an environment that requires rapid iteration and pivoting.
* Professional, courteous, and positive attitude.
* Great Project management skills with the capability to manage concurrent initiatives.
* Five plus years of experience with CI/CD platforms.
* Three plus years of experience securing applications via CI/CD pipelines leveraging static code analysis, unit and integration testing, dependency analysis, etc.
* Three plus years of experience performing threat and security design reviews.
* Three plus years of experience with containers.
* Three plus years of experience as a Software Engineer developing and maintaining an application.
* Five plus years of experience with Linux administration (full stack or DevOps experience counts).
Expectations
* Strong written and verbal communication skills, with a passion for documentation.
* Works effectively under pressure in a fast-paced, dynamic environment.
* Strong work ethic and an insatiable desire to learn.
* It thrives in a team-based environment leaving ego at the door.
* Performs other related duties as assigned.
* Off hours/on-call support required.
* Continuously strive for the betterment of engineering at Kaseya.
* Ensure that security concerns are accounted for in every step of the build chain.
* Work with Kaseya engineers to identify workflow pain points and develop their solutions.
* Engineer continuous delivery pipelines that are secure, stable, maintainable, and scalable.
* Develop and enforce security standard methodologies, processes, and tools.
* Be the bridge between security, software and systems engineering.
* Identify trends in need of a larger solution, beyond the scope of the immediate problem.
* Design and champion best security practices within the organization.
* Solve complex and challenging problems with simple, maintainable, and scalable solutions.
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.
#J-18808-Ljbffr