Join to apply for the Sr. DevSecOps Engineer role at Kaseya. Kaseya® is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide. Powered by AI, Kaseya’s best‑in‑breed technologies enable organizations to efficiently manage and secure IT to drive sustained business success.
Founded in 2000, Kaseya serves customers in over 20 countries and manages more than 15 million endpoints globally. Kaseya is not your typical company; we expect you to go above and beyond to deliver value for our customers.
Job Brief
We are looking for a DevSecOps Engineer to execute security initiatives across the enterprise, building and maintaining security‑focused infrastructure solutions. This technical contributor will plan, coordinate, and execute initiatives that improve our security posture and collaborate closely with Information Security, Software Engineering, and Operations teams.
Roles and Responsibilities
* Perform regular security testing and analysis to identify vulnerabilities in the software development process, including code reviews, penetration testing, and vulnerability scanning.
* Configure secure servers, monitor security logs, and ensure all security protocols are followed in our development environment.
* Ensure the development process adheres to security compliance standards such as PCI‑DSS, HIPAA, and GDPR.
* Automate security processes (e.g., vulnerability scanning, code analysis) to embed security into the development pipeline.
* Provide education and training to development teams on security best practices.
* Respond to security incidents, investigate, and remediate issues such as data breaches or cyber‑attacks.
* Conduct risk assessments to identify potential security threats and develop mitigation strategies.
* Collaborate with development, operations, and security teams to integrate security throughout the deployment process.
Knowledge & Experience
* Hands‑on experience with cloud platforms (AWS, Azure, GCP, OpenStack) and securing cloud resources.
* Proficiency in provisioning and automation tools (Terraform, CloudFormation, Ansible, Puppet, OpenStack).
* Experience in CI/CD tools (Azure DevOps, Jenkins, CircleCI, GitLab, Travis CI).
* Deep knowledge of security tools in the SDLC, including SAST, DAST, linting, secret scanning, and pipeline templating.
* Familiarity with source code management systems (Azure DevOps, Bitbucket, GitHub, GitLab) and their security automation capabilities.
* Containerization expertise with Docker, PodMan, OpenShift, and Kubernetes.
* Experience with vulnerability scanners (Nessus, Qualys, OpenVAS) for applications and infrastructure.
* Knowledge of logging, SIEM, and observability tools (Splunk, ELK Stack, Prometheus, Grafana, Kubernetes Logging).
* Programming skills in Bash, Python3, Ruby, Golang, or PHP for automating security workflows.
* Encryption and key‑management tools (AWS KMS, Azure Key Vault, Google Cloud KMS, Hashicorp Vault, Kubernetes Secret Management).
* Identity and Access Management (Okta, AWS IAM, Azure AD, SAML).
* Experience with code analysis tools (Linters, SonarQube, Snyk, Checkmarx, StackRox).
* Experience tuning Web Application Firewalls on‑prem and in the cloud.
General Qualifications and Experience
* Proven ability to drive cross‑organizational change.
* Default security‑focused mindset.
* Strong troubleshooting instincts and rapid root‑cause analysis.
* Capability to see a problem through to completion and acquire new skills quickly.
* Agility in a fast‑paced, iterative environment.
* Professional, courteous, and positive demeanor.
* Excellent project management skills; manage concurrent initiatives.
* 5+ years of CI/CD platform experience.
* 3+ years of securing applications via CI/CD pipelines with static analysis, unit / integration testing, and dependency scanning.
* 3+ years of threat and security design review experience.
* 3+ years of container experience.
* 3+ years of software engineering experience.
* 5+ years of Linux administration (DevOps experience counts).
Expectations
* Strong written and verbal communication skills; passion for documentation.
* Thrives under pressure in a fast‑paced environment.
* Strong work ethic and insatiable desire to learn.
* Team‑based, ego‑free collaborator.
* Will perform related duties as assigned.
* Availability for off‑hours/on‑call support.
* Continuous improvement mindset for engineering at Kaseya.
* Ensure security is integrated at every step of the build chain.
* Help engineers identify workflow pain points and design solutions.
* Engineer secure, stable, maintainable, and scalable delivery pipelines.
* Develop and enforce security standard methodologies, processes, and tools.
* Act as bridge between security, software, and systems engineering.
* Identify trends that require scalable solutions and champion best security practices.
* Solve complex problems with simple, maintainable, scalable solutions.
Additional Information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.
#J-18808-Ljbffr