Senior Software Security Engineer

Vistar Media is the home of out-of-home (OOH). As a global ad tech company and the world's largest digital out-of-home (DOOH) advertising marketplace, we offer technology designed to make buying and selling OOH media easier. Our goal is simple: to help the world's marketers leverage OOH's unique ability to motivate and delight. 

From strategic partnerships with major media owner networks to executing impactful campaigns with renowned global brands such as Nestlé, Porsche, Target, and Levi's, our team is filled with passionate, innovative, and collaborative problem solvers, engaging and entertaining consumers like you in the real world. Find your home in out-of-home - find your people at Vistar.

About the role:

We are seeking a Senior DevSecOps Engineer, with extensive experience in security vulnerability remediation, cloud infrastructure, and strategic planning. The ideal candidate is adept at identifying and fixing security vulnerabilities in codebases written in languages such as Python, TypeScript, Go, Java, and Scala. This role is ideal for a Software Engineer with a focus on Security, who thrives working independently and collaborating in a cross-functional environment with multiple engineering teams, leadership, and non-technical peers. This is a great opportunity to join an innovative company that prioritizes security and continuous improvement.

What you'll do:

• Security & Vulnerability Management:

  • Conduct code reviews, static and dynamic application security testing (SAST and DAST), and penetration testing to identify vulnerabilities and recommend remediation strategies.

  • Implement automated security testing and monitoring tools to maintain a robust security posture.

• Cloud Infrastructure:

  • Design, deploy, and manage secure cloud infrastructure solutions.

  • Integrate security best practices across cloud services and platforms.

• Collaboration & Communication:

  • Excel in a strong, collaborative work environment while effectively managing independent tasks.

  • Provide technical guidance and mentorship to junior team members and peers.

  • Collaborate with development, operations, and product teams to plan and implement security enhancements.

• Security Tooling & Monitoring:

  • Manage and optimize security tooling including SIEM systems, vulnerability scanning tools, and Zero Trust Architecture (ZTA) VPN solutions.

  • Leverage related services to ensure comprehensive threat detection, incident response, and secure remote access.

• Continuous Improvement:

  • Stay updated with the latest trends, tools, and best practices in DevSecOps.

  • Drive process improvements and advocate for security-first development practices across teams.

What experience we're looking for:

• Bachelor's Degree in a technical field (e.g. engineering, computer science, etc.), or equivalent practical experience.

• 8+ years of professional work experience as a developer.

• 3+ years of work experience in software development and fixing security vulnerabilities in languages such as Python, TypeScript, Go, Java, and Scala.

• 5+ years of work experience in DevSecOps or other security-focused software development role, with a strong focus on cloud infrastructure.

• Expertise in public cloud platforms (AWS - preferred, Azure, GCP, etc) and related security services.

• Proficiency with security tooling including IDS, IPS, SIEM, Zero Trust Architecture (ZTA VPN), and related services.

• Familiarity with automation tools, CI/CD pipelines, and containerization technologies.

• Strong understanding of security protocols and technologies (TLS, HTTPS, OAuth, etc).

• Deep understanding of security frameworks and compliance standards.

Who you are

• Proven history of succeeding in challenging projects that have a significant impact on the organization’s overall security posture.

• Thrive off opportunities for professional growth and career advancement in a fast-paced, technology-driven setting.

• Enjoy a strong, collaborative work environment that values teamwork and open communication.

• Excellent problem solving skills and attention to detail.

• Demonstrated ability to work both independently and collaboratively in a dynamic environment.

• Strong communication skills with the ability to communicate security risks and recommendations effectively to technical and non-technical stakeholders.

What we offer:

• Flexible, fun start-up environment and culture

• An approachable and accessible C-Suite.

• Comprehensive health benefits.

• 401k + match.

• Quarterly Lifestyle Stipend.

• Unlimited PTO and summer Fridays.

• Company-wide and team specific entertainment budgets for both in-person and virtual team building.

• A flexible hybrid work environment, with a fully stocked kitchen, weekly catered lunches, and casual attire while in office.

• Sponsored Volunteer Events and Vistar Gives Back program.

• An awesome and supportive bunch of people to work with and learn from.
  

Recruiting fraud is a serious issue facing jobseekers. Please be aware that Vistar Media would never require personal information (such as bank account information) during the interview process. Should an employee from Vistar Media reach out to you, that communication will come from an @vistarmedia.com email address. During a typical interview process, you will have several phone, video, and/or in-person interviews with multiple Vistar Media employees before a hiring decision is made. We do not require payment from applicants for training or other costs incurred, nor do we offer compensation before hiring.

If you’re ambitious, highly driven, and interested in making an impact, Vistar is the place for you. Apply to join our team… we’ll see you out there.