DevSecOps Engineer
Remote
Array
Array provides embeddable fintech products for our clients to promote customer engagement, revenue, and financial progress. Contact us to learn more.Array is revolutionizing how businesses leverage and enhance consumer data. Our platform enables innovative companies and developers to seamlessly integrate credit and identity data into their apps, websites or workflows. As a remote-first company, we’re focused on providing opportunities for autonomous individuals to have high levels of impact at the forefront of the fintech space. Continuous improvement, experimentation, and a clear mission stretch us individually and together in service of delivering the best products for our clients and users.
Array is looking for a DevSecOps Engineer who will secure Array's cloud & systems architectures, codebase, and networks from malicious cyber exploitation. You will report to the Director of Information Security & IT.
You Will:
- You will work with DevOps/SREs to develop security measures to harden production cloud platform environment and infrastructure-as-code & data orchestration/automation dependencies
- Partner with software engineers to identify security vulnerabilities in code and develop mitigation recommendations
- Evolve the existing platform by guiding security standards and recommend ideas for improvement
- Partner with the platform engineering team to develop CI/CD security processes
- Allow appropriate security controls to protect our infrastructure and data
- Design solutions that are compliant with partner security compliance requirements
- Implement automated secrets management, credential rotation and other secure API authentication techniques
- Identify latest information security threats and develop suitable defense measures
- Evaluate architectural changes for security implications and recommend enhancements
- Contribute cyber security expertise in architecture reviews and help harden the future evolution of Array's API platform
- Develop information security activity monitoring reports
- Evaluate latest technologies to improve security practices to create advantage
- Interest in developing concepts to secure latest risks with SAAS tool integrations
- Interest in mentoring security analysts
You Have:
- Degree in computer science, computer engineering, IT, systems engineering, or related qualification
- Have 5+ years of professional software development experience
- 3+ years of work experience with incident detection, incident response, and forensics
- Experience securing Google Cloud Platform (GCP) or Amazon Web Services (AWS) environments & developing hardening policies to prevent against cyber exploitation
- Experience implementing WAF for scalable environments
- Experience securing deployment orchestration and infrastructure-as-code (IaC) deployments with tools like Pulumi & Terraform and containerization tools like Docker and Kubernetes
- Experience with GitLab DevSecOps secure code analysis features or similar capabilities
- Familiarity with NIST standards, OWASP protocols, CIS benchmarks
- Interest in cybersecurity trends and hacking/exploitation techniques
- Proficient in Go / Python / Node
- Interest in advancing and enhancing secure code training with your own security findings
Nice To Haves:
- Experience implementing cloud security telemetry solutions and threat detection analytics
- Experience securing APIs and hosted infrastructure from cyber exploitation and attack
- Knowledge of Security Across Multi-Vendor Platforms
- Experience with ethical hacking
- Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler, (GCIH), Certified Information Systems Security Professional (CISSP)
- Google Cloud Security Engineer / DevOps Engineer Certification
- Certified DevSecOps Professional (CDP)
- SANS SEC540: Cloud Security & DevSecOps Automation
- Exposure to financial industry organizations & affiliates
Best,
The Array Recruiting Team
Tags: Analytics APIs Automation AWS CI/CD CISSP Cloud Code analysis Compliance Computer Science DevOps DevSecOps Docker Ethical hacking FinTech Forensics GCIH GCP GIAC Incident response Kubernetes Monitoring NIST Offensive security OSCP OWASP Python SaaS SANS Terraform Threat detection Vulnerabilities
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs