Sr. DevSecOps Engineer
Summary
Join our expanding team of security experts in our mission to become an elite security team dealing with 2021’s problems. Bring your creativity and passion for sec-ops or sec-eng in a meaningful way to have real impact on the future of millions of people's experience and interaction with work by experimenting with the latest in cyberspace.
If you are the kind of person who thrives in a challenging environment with creative expertise and a thirst for pushing the limits, we are interested in you!
Why apply?
Our Engineers get to work with the most progressive technologies in the business. We utilize Docker containers, k8s, Node.js, Go, microservices, and more. Our infrastructure leverages orchestrated containers, spans a CI/CD pipeline, is all IaC, and runs in the cloud.
Being at the bleeding edge of innovation comes with its own security challenges that books have not covered yet. If an exploit in the news drives you to find the write-up or paper that explains how it worked, if you’re sick of waiting for your company to “get around” to patching vulnerabilities, and if you want to help build a secure foundation for our platform engineers, give us a call.
If you like to sweat the details of how to recover a system from scratch, build secure and automated security scanning tools, have experience in release management, worry about deploying certificates correctly, and want to build security tools that engineers can use to deploy applications and infrastructure safely, this is your chance.
Your responsibilities
At Lifion, we are building a culture of rigorous code review and built-in application security design that lets us catch vulnerabilities during development and not after. You should be familiar with the OWASP Top Ten, understand how to leverage configuration management to put your controls in place, and feel comfortable advising application engineers on security best practices.
Preferred Qualifications
Deep knowledge of secure application design, specifically a familiarity with authentication, authorization and secret management flows
Experience in building and deploying automated security tools and workflows into production-level build systems
Proficiency with commonly used cryptographic tools, APIs, and best practices (e.g. Tink, OpenSSL and so forth)
Be able to drive a security issue from discovery to resolution, working with teams to get them over the finish line.
Work with a DevOps mindset to bring security “left” into the SDLC
Experience with penetration testing and red/blue teaming
Single sign-on management in the cloud, especially LDAP/OAuth/AD or similar
Comfortable with popular IDS, IPS, or SIEMs
Experience with AWS networking, security group monitoring/auditing and similar
Knowledge of Continuous Integration & Delivery methodologies
Be familiar with auditable deploys and practices
Have experience with infrastructure as code and versioned releases
Experience with Multi-AZ or Multi-Region deployments
Creating threat-models and risk assessments