DevSecOps Specialist

Remote

Sweed POS

The POS, marketing, e-commerce, and delivery platform purpose-built to solve the biggest challenges in cannabis retail


Hi everyone!


We are looking for a DevSecOps Specialist for the Sweed product startup, remote.

More details follow in the Q&A below.


What are we doing?

At Sweed, we offer a comprehensive cannabis retail solution with a wide range of features, including powerful POS functionality, in-depth analytics, marketing and promotional tools, efficient inventory management, and more. Our progressive web-app can be easily accessed through the tablets already available in your store, without any additional hardware required.

Since our establishment, we have been committed to creating an all-in-one system tailored to the specific needs of large cannabis retailers. Today, we are proud to be a market leader, owing much of our success to our signature killer feature – providing a full spectrum of software in one solution.


Why are we doing this?

At our company, we are driven by our passion for the medicinal potential of plants, particularly in their ability to influence cancer treatment and overall well-being and quality of life. Although there is a significant amount of stigma associated with this area, we strongly believe that these plants possess unique properties and have helped countless people improve their quality of life. This is a rapidly growing industry that presents immense potential for career advancement and personal fulfillment, and we are excited to explore how we can contribute to this dynamic field.

How old is the project? What stage is it at?

The project has been on the market for 4 years and is in active development.

Our current priority is to establish and maintain strong customer trust, which has driven the development of our delivery processes that allow us to launch new features on a daily basis. Given the highly specialized nature of the cannabis retail market, we are committed to rapidly meeting the evolving needs of our customers. Furthermore, the market's unique legal framework presents challenges with significant variations in state-level taxes, delivery regulations, and other factors.

What to do in the project?

  • Conducting regular security audits of applications and services;

  • Manual and automated vulnerability detection in mobile and web applications under development, and joint analysis of the findings with development teams, including providing a PoC (Proof of Concept);

  • Automating the processes of eliminating identified vulnerabilities;

  • Optimizing the secure development process;

  • Implementing AppSec practices in development teams and conducting regular training sessions.

What professional skills are important to us?

  • Over 2 years of experience in DevSecOps or AppSec positions;

  • Advanced knowledge and hands-on experience with SCA, SAST, DAST, IAST, OAST, and RASP tools such as Trivy, Grype, OWASP ZAP, Snyk, and Imperva;

  • Proven experience in implementing BSIMM and OWASP SAMM;

  • Expertise in mitigating threats from the OWASP Top 10, OWASP Mobile Top 10, and CWE Top 25;

  • Proficient in DevOps tools including Kubernetes, Docker, GitLab, Deckhouse, AWS, and Terraform;

  • Experience in developing internal tools and integrations, with the ability to understand and read codebases in technologies such as C#, Transact-SQL, JS, Node.js, and Python;

  • Familiarity with Atlassian products, including automation creation;

  • Fluent in Russian, with English proficiency at least at the B1 level. 

Team size and structure? 

We have structured our team around particular products. Typically, each team consists of 10-12 people, including front-end and back-end engineers, QA specialists, and analysts. A separate product owner is responsible for each team. Currently, we have a team of around 150 people.


The conditions:

Is there a probation period, and how long does it last? - Probation period lasts 3 months.

What is the work schedule? - Flexible working hours. Our working time window is 08.00-14.00 (GMT), but it depends on the team and can be flexible.

Is it possible to work remotely? - There is an opportunity to work fully remotely; we are a remote-first company and we don't have offices.

What currency is the salary paid in, and what is the form of employment? - Salary in dollars (employment under a B2B contract with the USA).

The number of vacation days? - 20 working days per year.

The number of sick leave days? - 3 days. 

Social package (medical insurance, other): Medical insurance becomes available after the probation period.


The process:

Interview in English? - There’s a short English check.


How many stages of the interview?

  • Intro call with a recruiter (1 hour);

  • Technical interview (1-1.5 hours);

  • Final Interview with Head of Backend (1 hour).


Tags: Analytics Application security Audits Automation AWS BSIMM C DAST DevOps DevSecOps Docker GitLab IAST Kubernetes Node.js OWASP Python SAMM SAST SQL Terraform Vulnerabilities

Perks/benefits: Career development Flex hours Flex vacation Medical leave Startup environment

Region: Remote/Anywhere
Category: DevSecOps Jobs
