Location: Remote (US)
We are looking for our first Senior DevSecOps Engineer with the ability to work across different departments, securing and maintaining a bridge between Platform Operations and Engineering.
What You'll Do
- We are looking for our first Senior DevSecOps Engineer with the ability to work across different departments, securing and maintaining a bridge between Platform Operations and Engineering.
- Validate that system design/architecture meets compliance requirements.
- Effectively articulate technical security specifications, requirements, etc. through written and verbal communications to both technical and non-technical partners.
- Mentor and train team members on security issues and best practices.
- Contribute to code reviews, documentation and other team processes.
- Advocate for and ensure appropriate security practices are communicated and implemented within their application security programs. Support adherence and awareness of these practices.
- Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
- Assist application teams with on-boarding the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
What We're Looking For
- Deeply familiar with AWS and other public cloud technologies equivalences (S3, IAM, CodeDeploy).
- Experience working in a collaborative, distributed team environment.
- Strong -- Debian-based -- Linux Administration and Shell scripting skills.
- Experience with system and image hardening tooling (Packer, CIS hardening).
- Experience with infrastructure as code (IaC) using tools such as Terraform or CloudFormation.
- Understanding of OSI model, TCP/IP, DNS protocols.
- Offensive Security-oriented mindset (threat-modeling, vulnerability assessments, pen testing, etc.)
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Experience adhering to compliance regimes such as SOC 2 Type 2, PCI, ISO 27001/27002, etc.
SpecTrust is a small, venture-backed startup with a vision is to provide first-of-its-kind cybercrime defense tools for the tens of thousands of fraud professionals around the world, all of whom are fighting an invisible war against crime rings, state actors, and fraud opportunists. Today, these corporate and public cyberfighters are cobbling together makeshift tools and struggling to align their broader organization in the fight against fraud. Instead of taking down threats, they measure success on how much they’ve lost. Our founders have lived this and we know it has to change, and you could be a part of it.
How to Apply
Email firstname.lastname@example.org with this role’s title in your subject line. Please share some information about relevant things you’ve done (with links if possible) and why you’re interested in joining SpecTrust.
SpecTrust is committed to ensuring equal employment opportunity and to providing employees with a safe and welcoming work environment free of discrimination and harassment. SpecTrust encourages applicants from all backgrounds to apply.