DevSecOps Engineer
USA - Remote
BLOCKCHAINS
At Blockchains, we envision a world transformed by blockchain technology, innovating with unlimited velocity; so, our efforts do not stop at software.Blockchains will only consider candidates who reside in the U.S. and do not require any VISA support.
OUR VISION
In the transformative world of Web3, it is an individual’s fundamental right to own and control their digital identity. To ensure that the individual is paramount in Web3, we are developing tools that enable everyone to engage and transact online in a safe and trusted way. Individuals are in control of what information they choose to share and with whom they choose to share it. We are developing a pioneering platform that combines the power of social experiences with Web3 Identity. This platform will provide individuals with access to interactive 3D experiences, verified communities, trusted transactions, the ability to prove ownership of their creations, and visibility and control over the data collected about them -- all designed to empower and benefit every Web3 user.
We believe that the decentralized nature of Web3 creates an opportunity for everyone to challenge the digital status quo—to own and control their identity, data, finances, creations, and future. This is the chance to get it right – to rally a movement of individuals focused on ensuring that Web3 belongs to everyone, not just to trillion-dollar companies. To fulfill this vision, we are seeking dynamic people who want to join us in leading the way to this new world.
WHAT YOU WILL DO
As a key member of the Cyber/IT team with robust interaction across other functions – Product, Engineering and GRC – the DevSecOps Engineer will be critical to the realization of DevSecOps principles and best practices at Blockchains. You will provide leadership in the DevSecOps areas of Vulnerability Scanning, coordination of Remediation Patching, and other daily Security and Compliance efforts in software engineering, builds and deployments. You have tactical skills in development and IT operations experience as well as demonstrable cybersecurity savvy –a security-first mindset – and can analyze issues, articulate solutions, coach/mentor responsibilities for key functional groups, and catalyze action to advance us on our journey to DevSecOps excellence.
- Manage app-sec lifecycle of architecture, tooling, and operations:
- Working productively with Engineering and Cyber/IT teams to accelerate momentum for CI/CD pipeline automation – from tooling and governance (process, procedures, and playbooks) perspectives – and motivate app-sec champions to own and drive adherence to standards. Serve as point of contact for product teams on all such matters.
- Enabling and championing constant refinement in DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, penetration testing, security remediation and security monitoring/incident response enablement.
- Hands-on experience building and maintaining CI/CD pipelines and automating manual processes, preferably in Gitlab.
- Hands-on experience implementing and maintaining SAST and DAST tools like Sonarqube Sonar, BlackDuck, Snyk, Synopsis SRM, OWASP ZAP, Rapid7 InsightAppSec.
- Work on cross-functional Cyber/IT, GRC and Engineering projects:
- Identifying new tools or innovating existing provisions, tooling, or procedural, to drive new efficiencies and to augment impact of DevSecOps capacity and performance.
- Identifying and proposing controls for risks, technical or operational, crafting appropriate governance apparatus for review, refinement, and adoption by team(s) upon approval.
- Coaching to enable security champions and raise awareness – in peer-to-peer training, workshops, or less structured initiatives – of DevSecOps principles and practices, and work with team members across functions to drive corresponding tactics.
WHAT YOU WILL NEED TO SUCCEED
To ensure success, you must have a passion for all things IT, Cybersecurity, and DevSecOps with a security first mindset. You are a diligent worker who is equally technical, and business minded. You are knowledgeable in taking a risk-based approach to prioritize efforts. You can assist in leading efforts to improve the overall uptime and availability of systems. You can work with numerous cross-functional teams in a fast paced, growing company. Strong verbal and written communication skills. Experience in blockchain technologies would be a plus.
YOUR EDUCATION AND EXPERIENCE
You have a bachelor’s degree and relevant work experience. You possess demonstrated experience with the implementation, operation, and support of enterprise DevSecOps technologies. You have a background in software development or as a systems engineer, with a focus on security.
Blockchains, Inc. (“Blockchains”) is proud to be a diverse workforce, and we are committed to inclusion and diversity to ensure equal opportunity for all applicants. Blockchains provides equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, marital status, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local laws.
When you apply to a job on this site, the personal data contained in your application will be collected by Blockchains, Inc. (“Controller”), which is located at 610 Waltham Way, Sparks, NV 89437 and can be contacted by emailing privacy@blockchains.com. Controller’s data protection officer is Edward O'Connor, who can be contacted at privacy@blockchains.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at privacy@blockchains.com.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Automation Blockchain CI/CD Cloud Compliance DAST DevSecOps GDPR GitLab Governance IAST Incident response Monitoring OWASP Pentesting Privacy SAST SonarQube
Perks/benefits: Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Cloud Security Architect jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Senior Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open IT Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Manager Pentest H/F jobs
- Open Security Operations Analyst jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Network Security Engineer jobs
- Open Information Security Architect jobs
- Open C-related jobs
- Open CISM-related jobs
- Open Risk assessment-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open ISO 27001-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open DoD-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs
- Open IPS-related jobs
- Open Kubernetes-related jobs