Senior DevSecOps Engineer

As a Senior DevSecOps Engineer at Ketryx, your main responsibilities include maintaining SOC 2 certification, optimizing CI/CD processes, implementing security best practices, and ensuring prompt incident management. You'll also play a crucial role in the management of our AWS infrastructure and collaborate with various teams to address conformity with security standards.

To qualify for the Senior DevSecOps Engineer role at Ketryx, candidates should possess a minimum of 5 years of relevant experience in DevSecOps or related fields. Proficiency in AWS, CI/CD tools, and Infrastructure as Code (IaC) methodologies is essential, along with experience in audits and a passion for improving software development security practices.

Ideal candidates for the Senior DevSecOps Engineer position at Ketryx should have experience with AWS services such as EC2, VPC, and EKS, as well as familiarity with CI/CD platforms like GitHub Actions or Jenkins. Additionally, knowledge of IaC tools like Terraform and expertise in container security are also highly advantageous.

At Ketryx, we highly value professional growth and provide our Senior DevSecOps Engineers with ongoing learning opportunities, mentorship programs, and access to a vibrant network of industry professionals. We encourage our team members to stay updated with the latest trends and technologies in software development and cybersecurity.

The work environment at Ketryx is dynamic and collaborative, fostering innovation and creativity. As a Senior DevSecOps Engineer, you’ll have the flexibility of a hybrid work model while being part of a passionate team committed to making a positive impact in healthcare technology.

When answering this question, highlight specific AWS services you have used, emphasizing your hands-on experience in configuring and maintaining those services in a security-focused manner. Discuss any certifications you may have that strengthen your expertise in AWS.

Discuss the security practices you incorporate into your CI/CD process, such as automated security testing, vulnerability scanning, and code reviews. Highlight your continual learning approach to keep up with security threats and tools.

Illustrate your personal approach to incident management. Share examples of past experiences where you effectively handled a security breach or vulnerability and the steps you took to mitigate risk while communicating with relevant stakeholders.

Mention specific resources such as blogs, webinars, forums, or communities you engage with. Highlight any certifications or training you pursue to ensure you remain a cutting-edge candidate in the field of cybersecurity.

Discuss the role of IaC in automating infrastructure management while ensuring it aligns with the security postures of the company. Talk about your hands-on experience with tools like Terraform or CloudFormation and how they enhance security compliance.

Share challenges such as maintaining documentation, training teams, or managing audits and how you overcome them. It’s vital to convey your proactive approach and strategic thinking in addressing these challenges.

Elaborate on your strategy in working with diverse teams like development and sales, focusing on communication, understanding different perspectives, and aligning security goals with business objectives.

Give a detailed account of your leading role in an audit process. Explain the preparations you undertook, team involvement, and how you addressed challenges during the audit execution while ensuring compliance with security standards.

Discuss your experience in integrating security into the container lifecycle, emphasizing image scanning, limit privileges, and runtime security controls that you believe lead to a secure deployment process.

Show enthusiasm for the role by discussing your passion for improving patient outcomes through technology, your eagerness to tackle new challenges, and how the mission of Ketryx aligns with your professional values and goals.