On behalf of the Tres Commas client, we are looking for Security Engineer.
We are looking for someone that can help the organization stay in compliance with various regulations and compliance frameworks such as PCI DSS and ISO 27001.
● Previous experience in security monitoring, incident response, threat intel, security engineering, and DevSecOps.
● Thorough working knowledge of Linux
● Understanding of GitOps, Agile, and DevOps practices
● Ability to write code and work with Infrastructure as Code tools (CloudFormation, Terraform, Etc)
● Experience with Kubernetes
● Experience with Container Security technologies like Twistlock, Snyk, etc.
● Great Communication Skills — you will be a Security ambassador to other teams, partnering to add security to their delivery pipelines(чтобы повысить безопасность своих конвейеров доставки
● Ability to own and resolve problems.
● Day-to-day technical operation of the Security capabilities of a DevSecOps tool stack.
● Configuration guidance of security tooling including Web application firewalls, Intrusion detection systems, Security monitoring tools (consuming and analyzing logs and metrics from various sources), etc.
● Development of Infrastructure as Code and GitOps configurations for Security capabilities
● Support project and operational teams with the adoption of security capabilities and ways of working.
● Manage and maintain our DevSecOps and Container Security capabilities with things like best practice configuration, hardening, and patching.
● Work with Incident Response Teams, Engineering, Product and DevOps teams to help with technical alignment of security, business and technical objectives.
● Investigate and remediate complex technical problems within the Security tooling embedded into CI/CD, Compute, and generally the AWS cloud environments.
● Participate in Peer review for Infrastructure as Code and relevant documentation.
● Investigate and utilize new technologies to enhance/improve security capabilities.
● Facilitate compliance by participating in writing of security policies and security documentation
Would be a plus:
● Experience with some of these technologies:
○ Security tools for runtime code.
○ Container & Dependency Vulnerability / Compliance Scanning tools (Snyk/Aqua/others)
○ Github/Bitbucket/Jenkins pipeline configuration
○ Version Control (git)
○ AWS Secrets Manager / Parameter Store
○ Open Policy Agent
○ Atlassian (Confluence/Jira)
○ CIS Benchmarks
○ Web application firewalls
○ AWS Network Firewall / Security Groups
○ Code security tools.
What we offer:
● Product company with a long-term and clear vision;
● 21 working days of paid annual leave, paid sick leave;
● A friendly and cheerful team that will always lend a hand and make a joke;
● Tasks that are interesting to work on and that will help you become better as a professional;
● Excellent opportunities and prospects for professional growth;
● Corporate events;
● Competitive salary;
● Work from anywhere — remote.
We are open to cooperating with everyone!