Job details

DevSecOps Engineer

Get a free resume review

As a DevSecOps Engineer at Authorium, you'll play a vital role in building and maintaining our secure and scalable SaaS platform hosted on AWS by bridging the gap between development and security, implementing robust application security measures aligned with NIST 800-53, and engineering secure infrastructure. You'll work closely with developers, security experts, and other operations teams to ensure our platform's security, reliability, and performance.

Application Security:

Integrate security vulnerability scanning, SAST, and DAST tools into the CI/CD pipeline.
Manage vulnerability and code scanning tools to ensure adequate coverage and efficient vulnerability remediation.
Conduct security reviews of code, APIs, and infrastructure designs.
Partner with the engineering team to implement security measures and remediate any discovered vulnerabilities.

Security Infrastructure Engineering:

Design, build, and deploy secure infrastructure on AWS Commercial and AWS GovCloud using Infrastructure as Code (IaC) technologies like Terraform.
Oversee management of security controls within the AWS ecosystem, including IAM roles and policies, VPCs, security groups, and encryption.
Automate security tasks and configuration management.
Monitor and analyze security alerts to identify and respond to potential threats.
Collaborate with the DevOps team to integrate security considerations into CI/CD pipelines.

Defence in Depth
High-Availability/Disaster Recovery/Business Continuity
Drift Detection/Remediation
E2EE (end to end encryption)
Role-based access controls (RBAC)
Incident Response
Least Privilege

Familiarity with the following technologies:

Linux
Kubernetes
Helm
CircleCI
Git
GitHub Actions
AWS tools and services:

AWS Security Hub
Amazon GuardDuty
Amazon Inspector
Amazon CloudWatch
AWS CloudTrail
AWS WAF & Shield
AWS Key Management Service (KMS)
AWS Systems Manager Parameter Store
AWS Secrets Manager
AWS Lambda
AWS IAM
Amazon EC2
Amazon ECR
Amazon ECS
Amazon EKS
Amazon EFS
Amazon S3
Amazon RDS

General DevSecOps:

Collaborate with development and security teams to define and implement DevSecOps principles and best practices.
Manage and automate security testing procedures within the CI/CD pipeline.
Stay informed about new DevSecOps tools and technologies.
Communicate effectively with technical and non-technical stakeholders.

Bachelor's degree in Information Security, Computer Science, or a related field or equivalent work experience.
Minimum of 2 years of experience in information security or a related field.
Working knowledge of FedRAMP/StateRAMP requirements and compliance frameworks.
Experience with continuous monitoring tools and techniques.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal skills.
Ability to work independently and as part of a team.

Nice to Have:

Certification (e.g. CISSP, CISM, CISA, Ethical Hacking, AWS, etc.).
Knowledge of scripting languages (e.g., Python, Bash) is a plus.

Employees located within 30 miles of our hub cities—San Francisco, Sacramento, and (coming soon) Washington, D.C. —are required to work onsite from Tuesday to Thursday. Remote work is available on other days.

Salary Range: $145,000-$155,000
Flexible PTO
100% employer-funded medical, dental and vision insurance
100% remote
$500 home office stipend
401K with Profit Sharing Plan

Average salary estimate

$150000 / YEARLY (est.)

min

max

$145000K

$155000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About DevSecOps Engineer, Authorium

As a DevSecOps Engineer at Authorium, you’ll be an integral part of our dynamic team, pushing the boundaries of secure and scalable SaaS solutions hosted on AWS. Your role is pivotal as you bridge the gap between development and security, enabling us to implement top-notch application security measures that align with NIST 800-53 guidelines. Collaborating closely with developers, security experts, and various operations teams, you’ll ensure our platform maintains utmost security, reliability, and performance. In this role, you’ll be responsible for integrating security scanning tools into our CI/CD pipeline, managing vulnerabilities, and conducting thorough code reviews. Moreover, you’ll design and deploy secure infrastructure using Infrastructure as Code (IaC) technologies like Terraform, while overseeing security controls within the AWS environment. This involves managing IAM roles, security policies, and monitoring for potential threats to fortify our defenses. Familiarity with tools like AWS Security Hub, Amazon GuardDuty, and other AWS services will be crucial as you automate security tasks and enhance our incident response protocols. Ideally, you bring a background in Information Security or Computer Science with at least two years of relevant experience, coupled with excellent problem-solving skills. If you have a certification like CISSP or a knack for scripting languages, that’s a bonus! Join us at Authorium, where innovation meets security, and help us shape a safer digital landscape.

Frequently Asked Questions (FAQs) for DevSecOps Engineer Role at Authorium

What are the main responsibilities of a DevSecOps Engineer at Authorium?

As a DevSecOps Engineer at Authorium, you'll oversee the integration of security measures within our development processes. Your responsibilities include executing security vulnerability scanning, managing tools like SAST and DAST, and collaborating with developers to ensure the safety of the code and infrastructure. You'll also design secure AWS architectures using Infrastructure as Code technologies and automate security tasks to enhance our CI/CD pipeline.