Act as a subject matter expert and manage security incidents across all organizational environments.
Implement monitoring and alerting procedures and mechanisms.
Design and implement automation processes for security monitoring and incident response-related flows.
Design, implement, and develop security solutions according to R&D/production needs.
Work with Elementor’s R&D teams and architects to design, enhance, and implement best-of-breed security topologies.
Identify new security threats, and trends by conducting continuous monitoring, vulnerability assessments, and log analyses.
Conduct regular internal and external security assessments, vulnerability scans, and penetration testing of systems and applications to identify and remediate security weaknesses and threats.
Manage Elementor’s bug bounty program.
Maintain documentation of security processes, procedures, and configurations.
Generate regular reports on security metrics, compliance, and incident response activities for management and stakeholders.
Requirements:
3+ years of hands-on DevOps experience in a cloud environment.
At least 2 years of experience with Kubernetes, containers, and serverless security.
1+ years of relevant industry experience in security, with a solid knowledge of information security principles and practices.
Experience integrating security into CI/CD pipelines.
Experience with cloud vendors such as GCP/AWS - Must
In-depth understanding and proven experience in security monitoring and analytics.
AppSec - Knowledge of SSDLC best practices around application security.
Strong understanding of cybersecurity and network principles.
Advantages
Solid understanding of security/operations infrastructure.
Experience with large-scale cloud infrastructures and services.
Experience leading integration processes for SIEM systems.
Experience with incident response (IR) attacks and mitigation methods.
Experience building tools and processes using Python or Go to address security-related needs.
Experience running forensic investigations.
Experience with penetration testing or security research.