Security Engineer, DevSecOps
Chicago
Applications have closed
The Role
League’s Security Engineering teams are responsible for scaling security in the development lifecycle, ensuring applications are secure by design, and managing security incidents and response. We believe in security by design and follow a paved road philosophy by building or buying tools that we can integrate into our platform to ultimately make it easier for our engineers to do the right thing. As a DevSecOps Engineer you will care deeply about “what we build, how we build it, where it runs, and beyond”. You have peers in Security Engineering who care about “building secure applications” at League, your role is to ensure the correct processes are applied to our applications, and that the environment it lives in is secure. This role will focus on Secure Build, Deployment Gatekeeping, Secure Infrastructure, and Automated Reporting. DevSecOps Engineers on our DevSecOps team take pride in how fast and how far we can scale security. Security isn’t the last check before go-live, it’s baked into the Software Development Life Cycle (SDLC). DevSecOps is a broad field; we don’t, and never will, expect anyone to be an expert in all areas. However we do expect individuals to be passionate, ask questions, and want to learn. Only together will we be successful.
As always, if this is your skillset we encourage you to apply. We also accept and encourage applicants who have existing software engineering experience and want to explore security and applicants who may have done a security program in a post-secondary institution. There are people across the engineering organization who are ready to help grow technical skills and who want to learn more about security.
In this role, you will be apart of a team that is responsible for:
- Writing and possibly reviewing code, expect this to be a significant amount of your day
- Collaborating in an Agile Software Team, attending ceremonies and building software together
- Managing various tools and configurations in an “as code” way, being at the front of the Security as Code movement.
- We have high expectations for repeatability and configurability, you will have similar.
- You’ll be a candidate who sees the manual context of current security insufficient and should be more automation oriented.
- Securing our Infrastructure via Infrastructure/Configuration as Code
- Securing our Kubernetes footprint inside and out, including deployment
- Securing and Reporting on our SDLC, ensuring quality
- Authoring and distributing security controls integrated into pipeline tooling
- Operating Security tooling (Snyk, Veracode, Wiz, Falco, OPA)
- Working together with technical individuals in our security, platform, and product functions to drive security into their tools and processes
About You:
- You have a degree in a security, computer science or software engineering from a reputable post-secondary institution
- You have between 1 and 5 years of experience within Cloud Security, DevSecOps, DevOps, Software Engineering or other
- You are able to write code in Python, Go or similar higher level languages
- You may have experience with a CSPM (Wiz, Snyk)
- You may have knowledge regarding security tools (Sysdig, Snyk, Trivvy, Sonarqube)
- You may have experience in one or more clouds. GCP, AWS, Azure, or similar
- You may have contributed to or operated a Kubernetes Application stack
- You may have experience with Serverless Eventing/Serving (Lambda, CloudRun, Knative)
- You may have Infrastructure as Code (Terraform, Ansible) experience
- You may have authored CICD pipelines (Github, Gitlab, Jenkins, CircleCI, Tekton)
- You are generally aware of the end to end SDLC
- You enjoy reading up on the latest security topics.
- You are a collaborator at your core
Our Application Process: Applying to a role you love can be exhausting, and understanding the next steps can feel vague and uncertain. You have done the hard part of submitting your application; let's do ours by sharing potential next steps
- You should receive a confirmation email after submitting your application.
- A recruiter (not a computer) reviews all applications at League.
- If we see alignment with League's needs, a recruiter will reach out to learn more about your goals. The recruiter will also share the team-specific interview process depending on the roles you are exploring.
- The final step is an offer, which we hope you will accept!
- Prior to joining us, we conduct reference and background checks. Additional checks could be required for US Candidates, depending on the role you are exploring.
Recognize and Avoid Employment scams. Practice safe job searching.
Scammers are getting craftier and leveraging fake job postings to get personal information. Know the warning signs and protect yourself from scammers. Learn more here. Privacy Policy Review our Privacy Policy for information on how League is protecting personal data.* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Ansible Automation AWS Azure CircleCI Cloud Computer Science DevOps DevSecOps GCP GitHub GitLab Kubernetes Lambda Privacy Python SDLC SonarQube Terraform Veracode
Perks/benefits: Career development Equity Flex vacation Health care Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs