Senior DevSecOps Engineer
You are an application security expert who wants to get in on the ground floor of one of NYC's most exciting startups. You are passionate about security, & want to build a secure product that will revolutionize an entire industry.
You love to learn, & equally love to share your knowledge with others. You're both a listener & contributor. You are a great communicator & you take care to understand before making yourself understood.
We are looking for an experienced security professional who is interested in working with a talented startup team in building secure, resilient, & high-performance websites, mobile apps, & data services for the real estate industry. You will work with developers to make security & compliance available to be consumed as services. You will help architect secure web products, perform simulated attacks, identify weaknesses, & work with the engineers to remediate & protect our products. You will lead our effort to build security as code.
What We're Looking For:
- 6+ years of hands-on experience performing security tests & manual pentests on web applications, mobile apps, & web services (APIs).
- Deep understanding of application security vulnerabilities & remediation techniques.
- Experience performing threat modeling, & designing secure web services, RESTful APIs, & microservice architectures.
- Strong knowledge & hands-on experience with AWS cloud infrastructure & native security services such as Inspector, GuardDuty, Web Application Firewall, Security Groups, & CloudTrail.
- Proficiency in automating security as code into a CI/CD pipeline.
- Proficiency in scripting languages such as Bash & Python.
- Knowledge of programming languages like Java, Python, & Golang.
- Knowledge of the Linux operating system, & containerization technology such as Docker & Kubernetes.
- Experience & knowledge of tools to facilitate secure SDLC controls (SAST, DAST, IAST, RASP, etc.).
- Bachelor's degree in Computer Science or Engineering or commensurate experience.
- Professional certification such as OSCP, OSWE, GWAPT, GWEB, GXPN preferred but not required.
- Contribution to the security community (public research, blogging, presentations, etc.) preferred but not required.
Check out our Engineering blog!