Senior DevSecOps Engineer at CLEAR (Greater NYC Area, NY or Remote)
CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the third year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 7+ million members to help create a safer environment no matter where you go.
CLEAR is seeking a Senior DevSecOps Engineer to join our team. This role will be responsible for coordinating with all aspects of the company to assess, design, and implement various security processes and controls. You and your team will be responsible for reviewing and testing our new services and infrastructure before release, partnering closely with our infrastructure and development teams to produce innovative and secure solutions. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. Additionally, the right person has a strong track record of delivering high-quality security solutions in a hyper-growth environment where priorities shift quickly.
What You Will Do:
- Assess, design, and implement various processes and controls of the company’s core cloud and infrastructure security through automation
- Evaluate, design, and deploy security tools to support: CI/CD Pipelines, AWS deployments, cloud security guardrails, auto-remediation and prevention
- Lead threat modeling exercises of new and continuing to evolve technologies within our cloud and containerized environments
- Define security requirements and implement controls such as SSO, logging/alerting, and RBAC for cloud and containerized infrastructure
- Build automated tools and infrastructure for automating incident response and findings in a cloud-native environment
- Perform infrastructure as code reviews and risk assessment of AWS cloud-based resources and containerized workloads
- Create clear and concise documentation to formalize security processes and guardrails
Who You Are:
- 4+ years of experience in security engineering experience with and 2+ years using cloud/PaaS technologies (AWS, GCP, Azure, Kubernetes)Strong understanding of firewall, cloud-native intrusion detection, and prevention
- Operational knowledge of endpoint, systems, databases, orchestration/configuration as code technologies (e.g. Terraform, Chef, Ansible, Puppet), and network security engineering best practices
- Solid problem solving and analytical skills; able to quickly digest issues encountered and recommend an appropriate solution
- An advocate for automation and standardization across security systems
- Experience in using scripting languages such as Python, BASH, or Go to automate tasks and manipulate data