SecOps Engineer - Remote

About Us

At Zyte, we eat data for breakfast and you can eat your breakfast anywhere and work for Zyte. Founded in 2010, we are a globally distributed team of over 250 Zytans working from over 28 countries who are on a mission to enable our customers to extract the data they need to continue to innovate and grow their businesses. We believe that all businesses deserve a smooth pathway to data

For more than a decade, Zyte has led the way in building powerful, easy-to-use tools to collect, format, and deliver web data, quickly, dependably, and at scale. And today, the data we extract helps thousands of organizations make smarter business decisions, secure competitive advantage, and drive sustainable growth. Today, over 3,000 companies and 1 million developers rely on our tools and services to get the data they need from the web.

About the Job

As a SecOps engineer you will be part of the IT organization, reporting to the Security & Compliance Lead and you will work closely with Infrastructure, DevOps and Product teams to improve the overall security posture at Zyte and support our Information Security Program/Roadmap.

We are looking for a SecOps engineer to join our Security team to help scale, improve our security practices and maintain our technology stack which includes and not limited to Tenable.io Vulnerability Management , Tenable.io WAS ( Dynamic Application Security Testing) , Google Security Command Center , 1 Password Enterprise Password Manager, Mosyle Fuse mobile security , Panorays Security Risk management platform.

As the Security Team at Zyte, we are responsible for all the overall Information Security including and not limited to Information Security Program / Roadmap, Information Security Policies and Procedures, Governance, Risk Management, Information Security Compliance , Internal Security Audits / Risk Assessments, Vendor Management, Threat and Vulnerability Management, Application Security Testing | Internal Pen Testing, Identity and Access Management | Access Security, Security Incident Management, Encryption and Key Management, Third Party Penetration Testing, Responsible Disclosure Program (Bug Hunt), Security Awareness and Training Program, Security Operations and Monitoring (SOC).

Key Responsibilities:

• Performing vulnerability assessments using leading technology scanners.
• Analyze the risk and severity of the detected vulnerabilities and evaluate the exploitability, and Impact of that on our production servers.
• Work very closely with our Infrastructure , DevOPS, and Product teams to fix legitimate vulnerabilities in accordance with our vulnerability management policy and procedures.
• Responsible for the Security hardening of our production systems , OS, and infrastructure according to supported technical controls, and as part of a security baseline. Help to improve the current process to reduce the number of attack vectors.
• Deployment and maintenance of security agents on all our production systems to enable threat detection and response.
• Work closely with Security Lead to Improve our strategy to detect , monitor , and respond to security threats on Zyte production systems.
• Performing Dynamic Application Security (DAST) on our key platforms to identify OWASP TOP 10, CWE TOP 25 vulnerabilities such as cross-site scripting (XSS) and SQL injection in custom application code and vulnerable versions of third-party components running on our site.

• Responsible for responding to reported vulnerabilities by security researchers to confirm their applicability on our applications and infrastructures.
• Participate on the Security incident investigations, and support members across our Tech teams to determine RCA.
• Automate container security scans in the CI/CD pipeline for DevOps Teams
• Help to integrate security into the DevOps culture.
• Support to deliver Security projects including technical support through effective communication between key stakeholders.
• Help to prioritize issues and proactively initiate solutions and also seek alternate ways to achieve the required objective.
• Cooperate in delivering the undertaken projects to the end even if it requires non-technical effort.

Requirements

• 3 -5 years experience in a Cyber Security role.
• In depth knowledge of Security standards such as NIST CSF, ISO 27001, NIST 800-53, SOC 2.
• Very good experience operating security on cloud or on premise environments such as GCP, AWS, Servers.com, Hetzner.
• Experience conducting Web Application Security Testing / Penetration testing.
• Experience driving remediation actions on Web Application and infrastructures with Development , Engineering Teams.
• Good understanding of web API security best practices.
• Good conceptual understanding of the Secure SDLC.
• Experience creating security documentation and technical process documentation.
• Good understanding of network security technologies and protocols like Firewalls, Network IPS & IDS, TCP/IP, HTTP/HTTPS, TLS, DNS, FTP, DHCP, LDAP, SSO, RDP, Failover & Balancer, VPN.
• Highly organized, able to multitask, able to work individually, as well as within a team, and across teams.
• Strong oral and written communication skills in English.
• Flexibility around working hours - if there is an issue you should use your initiative and help resolve it.
• Maintaining and respecting confidentiality of large amounts of information you have access to.

• Security Certifications (CISSP / CEH / CISA).
• Experience with SAST / SCA tooling aligned with the OWASP Top 10 and CWE Top 25
• Experience with programming languages

Benefits

By joining the Zyte team, you will:

• Flexible working Model, Have the freedom & flexibility to work remotely.
• Become part of a self-motivated, progressive, multi-cultural team.
• Get the chance to work with cutting-edge open source technologies and tools.
• 35 paid time off per year

#LI-Remote