Please let Authorium know you found this job on RemoteYeah.
This helps us grow.
Description:
As a DevSecOps Engineer at Authorium, you will play a vital role in building and maintaining our secure and scalable SaaS platform hosted on AWS.
You will bridge the gap between development and security by implementing robust application security measures aligned with NIST 800-53 and engineering secure infrastructure.
You will work closely with developers, security experts, and other operations teams to ensure the platform's security, reliability, and performance.
Your responsibilities will include integrating security vulnerability scanning, SAST, and DAST tools into the CI/CD pipeline.
You will manage vulnerability and code scanning tools to ensure adequate coverage and efficient vulnerability remediation.
Conducting security reviews of code, APIs, and infrastructure designs will be part of your role.
You will partner with the engineering team to implement security measures and remediate any discovered vulnerabilities.
You will design, build, and deploy secure infrastructure on AWS Commercial and AWS GovCloud using Infrastructure as Code (IaC) technologies like Terraform.
Overseeing the management of security controls within the AWS ecosystem, including IAM roles and policies, VPCs, security groups, and encryption, will be essential.
You will automate security tasks and configuration management, monitor and analyze security alerts, and collaborate with the DevOps team to integrate security considerations into CI/CD pipelines.
Familiarity with technologies such as Linux, Kubernetes, Helm, CircleCI, Git, and GitHub Actions is required.
You will also need to be knowledgeable about various AWS tools and services, including AWS Security Hub, Amazon GuardDuty, and AWS IAM, among others.
You will collaborate with development and security teams to define and implement DevSecOps principles and best practices, manage and automate security testing procedures, and stay informed about new DevSecOps tools and technologies.
Effective communication with technical and non-technical stakeholders will be crucial.
Requirements:
A Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent work experience is required.
You must have a minimum of 2 years of experience in information security or a related field.
A working knowledge of FedRAMP/StateRAMP requirements and compliance frameworks is necessary.
Experience with continuous monitoring tools and techniques is required.
Strong analytical and problem-solving skills are essential for this position.
Excellent communication and interpersonal skills are necessary to succeed in this role.
You should be able to work independently and as part of a team.
Nice-to-have certifications include CISSP, CISM, CISA, Ethical Hacking, AWS, etc.
Knowledge of scripting languages such as Python or Bash is a plus.
Benefits:
The salary range for this position is $145,000-$155,000.
You will receive flexible PTO.
The position offers 100% employer-funded medical, dental, and vision insurance.
This is a 100% remote position.
A $500 home office stipend will be provided.
You will have access to a 401K with a Profit Sharing Plan.