Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
DevSecOps Engineer image - Rise Careers
Job details

DevSecOps Engineer

Company:

Floma is the world’s first AI marketing agency. We are at the forefront of redefining marketing with AI, and are creating AI agents to plan, build, and manage all aspects of marketing campaigns. Our founders are ex-Google and ex-Apple executives and engineers. We're well-funded by top Silicon Valley VCs and angel investors, and have notable large companies as design partners. We are hiring engineers who are excited to imagine, pioneer and build what human and AI agent collaboration should look like between an AI marketing agency and top enterprise marketing teams, including product and technical innovations that no one has done before. We are moving fast, solving urgent CxO challenges, and building new capabilities to ship a category-defining AI product. We are based in Silicon Valley and are currently in stealth mode.

Role:

  • Drive architectural decisions and implementation of security controls across our cloud infrastructure, CI/CD pipelines, and development workflows

  • Partner with engineering teams to establish and maintain secure development practices, including threat modeling, security testing, and compliance frameworks

  • You will report directly to the CTO and co-founder as part of a small and agile team

Qualifications:

  • 5+ years of software development experience, with a strong focus on secure development practices and DevOps methodologies.

  • Deep understanding of cloud security architecture, with hands-on experience securing AWS infrastructure, container platforms (Docker, Kubernetes),

  • Strong knowledge of Infrastructure as Code using tools like Terraform or AWS CDK.

  • Proven track record implementing security controls and best practices in CI/CD pipelines, including expertise in automated security testing and threat modeling.

  • Familiarity with compliance frameworks (SOC 2 is a must).

  • Experience with modern programming languages(Python is preferred) and ability to implement security best practices across different technology stacks.

  • Strong background in authentication mechanisms, and access control systems.

  • Excellent analytical and problem-solving skills, with the ability to balance security requirements against business objectives.

  • Strong communication skills and experience collaborating with cross-functional teams to drive security initiatives.

You are a great fit for this role, if you:

  • Are excited about entrepreneurship, taking things from 0 to 1 and thrive when you have autonomy and ownership over your work.

  • Have demonstrated ability to work independently and manage multiple priorities in a fast-paced environment.

Benefits:

  • Equity

  • Paid Vacation/Time Off

  • Medical, Dental, and Vision benefits for you and your family

  • Health Savings Account (HSA) with employer contribution

  • 401k Plan with Floma match

  • Parental Leave

These benefits are subject to change at any time, consistent with the terms of any applicable compensation or benefits plans. Eligible full-time employees can participate in Floma's equity plans subject to the terms of the applicable plans and policies.


We encourage you to apply even if your experience doesn't precisely match the job description. Floma is an equal opportunity employer and is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, national origin, age, disability, veteran status, pregnancy, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

Average salary estimate

$135000 / YEARLY (est.)
min
max
$120000K
$150000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About DevSecOps Engineer, Floma Inc

At Floma, we're redefining the future of marketing as the world's first AI marketing agency, and we are on the lookout for a talented DevSecOps Engineer to join our innovative team! Here, you'll be diving deep into the exciting realm of AI collaboration, helping us forge new paths between AI agents and top-tier marketing teams. You'll work directly with our CTO and co-founder, making crucial architectural decisions to bolster the security of our cloud infrastructure and CI/CD pipelines. With over 5 years of software development experience under your belt, you'll get to partner with talented engineering teams to instill secure development practices, conduct thorough threat modeling, and ensure compliance frameworks are nailed down. At Floma, we value creativity and encourage you to take ownership of your work, so if you thrive in an entrepreneurial environment that moves at lightning speed, you'll fit right in! Your knowledge of cloud security architecture, particularly with AWS, and your hands-on experience with Infrastructure as Code will be vital. You'll also be instrumental in implementing automated security testing within our CI/CD pipelines. So, if you're passionate about pushing the boundaries of technology and are looking for an opportunity that's as dynamic as you are, come build the future of marketing with us at Floma!

Frequently Asked Questions (FAQs) for DevSecOps Engineer Role at Floma Inc
What specific responsibilities does a DevSecOps Engineer have at Floma?

As a DevSecOps Engineer at Floma, your primary responsibilities will include driving the architectural decisions for security controls across our cloud infrastructure, establishing secure development practices, implementing security testing, and maintaining compliance frameworks. You'll be closely collaborating with engineering teams to create a reliable and secure environment, making sure we meet industry standards and protect our innovative technologies.

Join Rise to see the full answer
What qualifications are necessary for the DevSecOps Engineer position at Floma?

Floma is seeking a DevSecOps Engineer who has at least 5 years of software development experience with a solid focus on secure development practices and DevOps methodologies. Candidates should have a deep understanding of cloud security architecture, particularly with AWS, and experience in Infrastructure as Code using tools like Terraform. Familiarity with compliance frameworks such as SOC 2 and proficiency in automated security testing within CI/CD pipelines are also essential.

Join Rise to see the full answer
How does Floma support the career growth of a DevSecOps Engineer?

At Floma, we are committed to fostering your career development as a DevSecOps Engineer through ongoing training and mentorship opportunities. You'll be working directly with seasoned professionals including our CTO and co-founder, providing you with valuable insights and experience that can propel your career forward. We also promote a workshop environment where learning from experiences and challenges is encouraged.

Join Rise to see the full answer
What tools and technologies will a DevSecOps Engineer use at Floma?

In the role of DevSecOps Engineer at Floma, you'll engage with a range of cutting-edge tools and technologies. Your day-to-day activities will involve working with AWS cloud infrastructure and container platforms like Docker and Kubernetes. You'll also use Infrastructure as Code tools such as Terraform or AWS CDK, and modern programming languages, preferably Python, to implement security best practices seamlessly across our tech stack.

Join Rise to see the full answer
What makes Floma a unique workplace for a DevSecOps Engineer?

Floma stands out as a unique workplace for a DevSecOps Engineer due to our pioneering approach and passion for innovation in the AI marketing space. We offer a dynamic environment where your input is valued, and you can take ownership of your projects. Working alongside ex-Google and ex-Apple engineers, you'll have the chance to push technological boundaries and create groundbreaking solutions in a collaborative culture that thrives on creativity.

Join Rise to see the full answer
Common Interview Questions for DevSecOps Engineer
What does DevSecOps mean to you, and why is it important?

DevSecOps integrates security practices within the DevOps process, ensuring security is part of the software development lifecycle. It's crucial because it addresses vulnerabilities early, reduces risks, and fosters a culture of security awareness among teams, ultimately leading to more secure applications and systems.

Join Rise to see the full answer
Can you describe your experience with cloud security architectures?

In discussing my experience with cloud security architectures, I would highlight specific projects where I've worked with AWS, detailing the security measures implemented, such as IAM policies, VPC configurations, and use of encryption in transit and at rest, and the overall impact on enhancing the cloud security posture.

Join Rise to see the full answer
How do you approach threat modeling?

When approaching threat modeling, I follow structured frameworks such as STRIDE or PASTA to identify potential threats. I involve team members early in the process to ensure comprehensive coverage and prioritize threats based on their potential impact to effectively allocate resources for risk mitigation.

Join Rise to see the full answer
What strategies do you use for automating security testing in CI/CD pipelines?

To automate security testing in CI/CD pipelines, I implement tools such as static and dynamic analysis tools integrated within the pipeline. This includes using SAST for analyzing source code and DAST for runtime testing, alongside automated checks for dependencies and vulnerabilities to ensure security gates are in place before deployment.

Join Rise to see the full answer
How would you handle a security vulnerability discovered after deployment?

In the event of a post-deployment security vulnerability, I would assess the severity and impact, communicate transparently with stakeholders, and then prioritize the remediation process. This could involve rolling back the deployment, issuing patches, or implementing additional security measures to mitigate risks while ensuring minimal disruption.

Join Rise to see the full answer
What experience do you have with Infrastructure as Code (IaC)?

I have extensive experience with IaC, utilizing tools like Terraform and AWS CDK to define and manage infrastructure through code. This has allowed me to create reproducible environments, maintain version control over infrastructure changes, and implement security configurations from the outset, streamlining deployments and enhancing security compliance.

Join Rise to see the full answer
Can you explain your experience with compliance frameworks such as SOC 2?

I have hands-on experience implementing compliance frameworks, including SOC 2. I focus on conducting regular audits, ensuring that the necessary controls are in place, documenting processes, and training teams to maintain compliance. I also work with cross-functional groups to prepare for audits and demonstrate our adherence to security and privacy requirements.

Join Rise to see the full answer
How do you stay updated with current security threats and trends?

I stay updated on security threats and trends by following industry leaders, participating in webinars, and engaging in relevant communities. I also dedicate time to continuous learning through courses and certifications, as well as collaborating with peers to discuss emerging threats and best practices.

Join Rise to see the full answer
Describe a challenging security problem you faced and how you solved it.

One challenging security problem I faced was an unexpected data breach in a project. I conducted a root cause analysis, identified loopholes in access controls, and rapidly remediated by tightening access rights and implementing additional monitoring, successfully preventing further incidents while also conducting a security education session for the team.

Join Rise to see the full answer
What qualities make a successful DevSecOps Engineer?

A successful DevSecOps Engineer should possess strong analytical skills, a proactive security mindset, and effective communication abilities. They should be able to collaborate across teams, embrace an agile approach to security, and apply a blend of technical skills and business acumen to align security initiatives with organizational goals.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
Bixal Remote United States
VIEW
Posted 3 days ago
J
Jobot Remote Portage, MI
VIEW
Posted 10 days ago
Photo of the Rise User
Emerson Hybrid Eden Prairie, MN
VIEW
Posted 5 days ago
Photo of the Rise User
Abridge Hybrid San Francisco
VIEW
Posted 4 days ago
Photo of the Rise User
Bosch Group Hybrid 15000 Haggerty Rd, Plymouth, MI 48170, USA
VIEW
Posted 12 days ago
Photo of the Rise User
Paired Remote No location specified
VIEW
Posted 12 days ago
Photo of the Rise User
Capco Remote Poland
VIEW
Posted 7 days ago
Photo of the Rise User
Renesas Electronics Remote Istanbul, Turkey
VIEW
Posted 9 days ago
F By Floma Inc

1 jobs
MATCH
Calculating your matching score...
FUNDING
DEPARTMENTS
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
No info
LOCATION
No info
EMPLOYMENT TYPE
Full-time, remote
DATE POSTED
December 13, 2024

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
Show me relevant jobs ASK RISA ✨
ABOUT RISE
FOR COMPANIES
REMOTE JOBS & MORE
LOOKING FOR A JOB?
FIND A JOB NEAR ME
POPULAR JOBS
Rise logo
Privacy Policy and Terms of Service
© 2021 Work Rise LLC. All rights reserved.
Proudly made in NYC.
CONNECT
Facebook Instagram LinkedIn Tiktok