You will be responsible for:
- Securing and optimizing our cloud services, with a primary focus on AWS, to ensure robust security and compliance.
- Maintaining alignment with industry security best practices for DevOps services and tools.
- Supporting and enhancing our monitoring and alerting systems to detect and respond to threats together with our ProdSec team.
- Developing and implementing threat detection strategies to identify and mitigate potential risks.
- Automating the deployment of security controls to ensure consistent and scalable protection.
- Acting as a focal point for security and compliance-related queries and strategies within the DevSecOps team in our DevOps group, driving smarter security decisions that align with business goals.
You should apply if you have:
- 3+ years of experience in DevOps with a deep understanding of cloud security and best practices.
- Proven ability to identify common security risks and formulate and execute comprehensive security strategies.
- Experience with market-leading security tools and providers, coupled with scripting and development skills, preferably in Python.
- Extensive knowledge of internet protocols, architectures, and security design principles.
- Hands-on experience with AWS security and encryption services such as IAM Policy, KMS, GuardDuty, CloudTrail, and Identity Center (or equivalent).
- Strong understanding of security projects that address risks, including patching, secure build, vulnerability scanning and remediation, logging and monitoring, threat management, and user awareness.
- Proven ability to gather and maintain evidence for security and compliance.
- Self-motivated with the drive to keep moving things forward.
Preferred Qualifications:
- One or more security-related certifications, such as CISSP, CEH, CISA, CISM, Security+, or similar.
- Experience in triaging security alerts and executing incident response.
- Experience with virtualization technologies, particularly in AWS services such as EKS.
- Strong sense of ownership, urgency, and drive.
- Shift-left mindset, i.e. acting as an enabler rather than a bottleneck.
- Experience with compliance requirements (e.g., SOC2, ISO27001, HIPAA, PCI, etc.).