Sr. DevSecOps Engineer

Oakland, CA (temporarily remote)

Our client is a financial technology startup based in Oakland focused on transforming the subprime credit and lending space. Their product is being used in 7 states and has received excellent press coverage on the unique focus and platform they have created for consumers. Their platform runs primarily on AWS with the tech stack being Java/Jenkins/Docker/Terraform/Artifactory/Linux.

Benefits our client offers:

Competitive salary; early stage equity; 100% company paid medical, dental and vision insurance; generous vacation/sick leave policy; catered, free lunch; kitchens fully stocked with snacks; 401(k).

Responsibilities

The ideal candidate for this role is experienced with the security realm, has executed DevOps automation, and is proficient in AWS cloud technologies. If you don't understand how anyone can consider DevOps automation and security as anything but inseparable, this role is for you. We are looking for a highly technical cloud computing security expert with whom DevOps automation is second nature, to work on enabling a secure foundation for hosting our services in AWS. This is a hands on role.

You will:

• Work with dev sec engineering and our application developers to establish a secure cloud platform through automated, repeatable processes.
• Communicate effectively to help the team and stakeholders understand security issues and solutions as well as continuous delivery/Cloud concepts.
• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Evaluate, Test, Implement and support third party AWS ecosystem tools.
• Leverage DevOps Tool Chain to maintain source code repository, continuous integration and deployment pipelines, test automation , and monitoring infrastructure.
• Develop a set of security standards and best practices for the organization, and recommend security enhancements to management as needed.
• Drive testing for vulnerabilities.
• Conduct proactive research to analyze security weaknesses and recommend appropriate strategies
• Constantly monitor LendUp’s networks and systems for security breaches or intrusions
• Identify and define system security requirements
• Evaluate and partner with vendors to implement security solutions
• Design computer security architecture and develop detailed cyber security designs
• Prepare and document standard operating procedures and protocols
• Configure and troubleshoot security infrastructure devices
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Guide the application teams as required to adopt the security code based controls.
• Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement. Apply those learnings to design and implement solutions.
• Manage security incidents
• Capture assessment-based findings, outcomes and propositions for further system security enhancement
• Liaising with vendors to implement security solutions

You have:

• Required: 2-5 years experience with AWS/Public Cloud (AWS Certified), 10 plus years of experience in software development, infrastructure, and architecture disciplines. 5 years of experience with Cloud technologies.
• Preferred: 2-5 years in Security, Compliance and risk management, including privacy, controls, etc.
• Familiarity with IT Security Frameworks such as NIST, PCI, etc
• CISSP Certification would be a plus
• Scripting skills: Python, Bash
• Linux System Administration
• Experience with monitoring tools like NewRelic, Datadog, etc.
• Hands on Experience with Security Services in AWS such as IAM, VPC, Security Groups, AWS Inspector
• Programming and Ops Skills: Scripting skills: Python, Bash, AWS SDK and CLIand Linux System Administration
• Hands on Experience of Infrastructure and Platform Services such as EC2, RDS etc.
• Hands on Experience with Management Services such as CloudWatch and AWS Config
• Extensive Knowledge and Hands on Skills with Docker and Container Security Tools
• Third party ecosystem tools for compliance and security
• Expertise in Data Protection, Compliance Validation, Vulnerability Analysis, Network Security, Infrastructure Security, Identity and Access Management, Logging and Monitoring, Incident Response, Resiliency.