Senior Security Engineer - DevSecOps

We're looking for security conscious engineers

Join our security team and help secure our organization through maintaining, engineering and deploying security solutions. We use industry standard security tools, in an automated fashion, to ensure our security teams can operate effectively and provide security to the company.

Responsibilities

As an individual contributor on our Cybersecurity engineering team, you’ll have a broad set of responsibilities including: (the mix will depend on your interests and skill-level)

• Troubleshooting security problems
• Assist in the management and deployment of security products on endpoints, servers and virtual desktops
• Design, operate and maintain a vulnerability management program
• Assist the Security Team in responding to and remediating system and/or network security breaches
• Plan, implement, manage, monitor and upgrade security measures for the protection of the organization’s data, systems, and networks
• Ensure that the organization’s data and infrastructure are protected by enabling the appropriate security controls
• Plan, create and implement cybersecurity processes and policies
• Engage in domain-specific threat modeling and attack surface analysis/reduction
• Identify information and logs to monitor, then design and engineer the process for gathering that information
• Promotes best practices and design patterns

Required Skills

• Proficient in exploring, evaluating and integrating new technologies, programming languages, data models, or frameworks.
• Easily pick up new technologies and are keen to expand your knowledge
• Experience in development of projects related to network and security automation.
• Experience in infrastructure and automation processes and tools including Ansible, and Terraform
• Fundamental knowledge of SSH, TCP/IP, UDP, SSL, HTTP, HTTPS, PKI, DNS and other common protocols.
• Advanced experience in development in languages such as: Python, bash, or Golang
• Advanced knowledge of security controls, audits, and configurations related to:
  • Windows, Linux, ChromeOS, and macOS
  • AWS

Preferred Experience (Optional but valued)

• Experience in common continuous integration tools such as GitHub Actions, Jenkins and CircleCI.
• Advanced experience with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework
• Experienced DevOps or DevSecOps practitioner
• Advanced knowledge of security controls, audits, and configurations including SIEM (Splunk, QRadar) & EDR (Crowdstrike, Carbon Black)

Hiring process

When it comes to hiring processes, “rigorous” and “opaque” are often mistakenly conflated. For us, it’s always a mutual exchange, so we think it’s important that candidates have a clear understanding of the process and what we’re looking for. Learn more about the hiring process by visiting our careers page.

Benefits

Health and happiness go hand in hand, and we make every effort to support our team members in all facets of their lives—both inside and outside the office. Learn more about our employee benefits by visiting our careers page.

Before you apply

• At the moment, we do not sponsor visas in the UK and the EU. For Hong Kong, we require at least two years of working experience and a university degree in a related field. For Singapore, we can only sponsor visas for mid-career or above.
• Please upload your resume as a PDF and do not include any salary or compensation information in it.

ExpressVPN is one of the world’s leading providers of online privacy and security services for consumers. Started in 2009, we’ve grown to have millions of active paying customers, a team of more than 700 people worldwide, and a brand recognized by hundreds of millions of people in 18 languages and more than a hundred countries. We see huge growth in our industry, and are gaining market share through strong execution.