DevSecOps Engineer

Array is revolutionizing how businesses leverage and enhance consumer data. Our platform enables innovative companies and developers to seamlessly integrate credit and identity data into their apps, websites or workflows. As a remote-first company, we’re focused on providing opportunities for autonomous individuals to have high levels of impact at the forefront of the fintech space. Continuous improvement, experimentation, and a clear mission stretch us individually and together in service of delivering the best products for our clients and users.

Array is looking for a DevSecOps Engineer who will secure Array's cloud & systems architectures, codebase, and networks from malicious cyber exploitation. You will report to the Director of Information Security & IT.

You Will:

• You will work with DevOps/SREs to develop security measures to harden production cloud platform environment and infrastructure-as-code & data orchestration/automation dependencies
• Partner with software engineers to identify security vulnerabilities in code and develop mitigation recommendations
• Evolve the existing platform by guiding security standards and recommend ideas for improvement
• Partner with the platform engineering team to develop CI/CD security processes
• Allow appropriate security controls to protect our infrastructure and data
• Design solutions that are compliant with partner security compliance requirements
• Implement automated secrets management, credential rotation and other secure API authentication techniques
• Identify latest information security threats and develop suitable defense measures
• Evaluate architectural changes for security implications and recommend enhancements
• Contribute cyber security expertise in architecture reviews and help harden the future evolution of Array's API platform
• Develop information security activity monitoring reports
• Evaluate latest technologies to improve security practices to create advantage
• Interest in developing concepts to secure latest risks with SAAS tool integrations
• Interest in mentoring security analysts

You Have:

• Degree in computer science, computer engineering, IT, systems engineering, or related qualification
• Have 5+ years of professional software development experience
• 3+ years of work experience with incident detection, incident response, and forensics
• Experience securing Google Cloud Platform (GCP) or Amazon Web Services (AWS) environments & developing hardening policies to prevent against cyber exploitation
• Experience implementing WAF for scalable environments
• Experience securing deployment orchestration and infrastructure-as-code (IaC) deployments with tools like Pulumi & Terraform and containerization tools like Docker and Kubernetes
• Experience with GitLab DevSecOps secure code analysis features or similar capabilities
• Familiarity with NIST standards, OWASP protocols, CIS benchmarks
• Interest in cybersecurity trends and hacking/exploitation techniques
• Proficient in Go / Python / Node
• Interest in advancing and enhancing secure code training with your own security findings

Nice To Haves:

• Experience implementing cloud security telemetry solutions and threat detection analytics
• Experience securing APIs and hosted infrastructure from cyber exploitation and attack
• Knowledge of Security Across Multi-Vendor Platforms
• Experience with ethical hacking
• Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler, (GCIH), Certified Information Systems Security Professional (CISSP)
• Google Cloud Security Engineer / DevOps Engineer Certification
• Certified DevSecOps Professional (CDP)
• SANS SEC540: Cloud Security & DevSecOps Automation
• Exposure to financial industry organizations & affiliates

Best,
The Array Recruiting Team