DevSecOps Engineer

About At-Bay

At-Bay combines world-class technology with industry-leading insurance to help clients meet risk head-on. Partnering with brokers and business owners alike, we provide modern insurance products and active risk monitoring services for companies of every size and in every industry. Our team boasts many backgrounds and skills, from analysts and developers to designers and underwriters, and everything in between — all working together to redefine what it means to be an insurance company.

We're proud to be a diverse company and to have expertise from multiple industries driving our culture. At-Bay is expanding rapidly, and as we grow, we're prioritizing inclusive hiring practices and supportive team environments. We're committed to building a company culture where people of all identities and backgrounds are empowered to thrive, develop their careers, and bring their full selves to work.

At-Bay is a globally distributed company with hubs in Atlanta, New York City, San Francisco, and Tel Aviv. To date, we have raised $292 million in funding from Acrew Capital, Glilot Capital, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital.

Job Description:

We are seeking an experienced and talented SecOps Engineer to help us maintain and develop the security program at At-Bay. Working with cross-functional teams, driving the cloud security technologies, and supporting our success will be part of your responsibilities.

In this role, you will

• Develop and maintain detection and security tools, applications, infrastructure, and techniques
• Enforce policies and procedures by implementing and executing security controls.
• Evaluation and implementation of solutions designed to boost our security posture and enable new business initiatives.
• Monitoring, identifying, and investigating security events.
• Conduct assessments and audits.

You should have

• A minimum of two years' experience in Python development, and the ability to dive into production code
• Experience with AppSec and OWASP top 10
• Extensive experience in enforcing security controls throughout the SDLC using a variety of SAST/DAST solutions
• Experience with K8S and familiarity with containers' attack surfaces
• A working knowledge of networking protocols (TCP/IP, DNS, HTTP, etc.)
• A minimum of two years' hands-on experience administering and securing AWS cloud environments, including deep understanding of services such as IAM, VPC, Security groups, etc.
• Expertise in maintaining and debugging distributed web applications on cloud platforms
• Experience managing and operating Linux environments

Advantage

• Auditing and security control experience
• Certifications or training relevant to security