SecOps Engineer - Remote
Warsaw, Masovian Voivodeship, Poland - Remote
ZyteAccess clean, valuable data with web scraping services that drive your business forward. 14 day free trial available.
At Zyte, we eat data for breakfast and you can eat your breakfast anywhere and work for Zyte. Founded in 2010, we are a globally distributed team of over 250 Zytans working from over 28 countries who are on a mission to enable our customers to extract the data they need to continue to innovate and grow their businesses. We believe that all businesses deserve a smooth pathway to data
For more than a decade, Zyte has led the way in building powerful, easy-to-use tools to collect, format, and deliver web data, quickly, dependably, and at scale. And today, the data we extract helps thousands of organizations make smarter business decisions, secure competitive advantage, and drive sustainable growth. Today, over 3,000 companies and 1 million developers rely on our tools and services to get the data they need from the web.
About the Job
As a SecOps engineer you will be part of the IT organization, reporting to the Security & Compliance Lead and you will work closely with Infrastructure, DevOps and Product teams to improve the overall security posture at Zyte and support our Information Security Program/Roadmap.
We are looking for a SecOps engineer to join our Security team to help scale, improve our security practices and maintain our technology stack which includes and not limited to Tenable.io Vulnerability Management , Tenable.io WAS ( Dynamic Application Security Testing) , Google Security Command Center , 1 Password Enterprise Password Manager, Mosyle Fuse mobile security , Panorays Security Risk management platform.
As the Security Team at Zyte, we are responsible for all the overall Information Security including and not limited to Information Security Program / Roadmap, Information Security Policies and Procedures, Governance, Risk Management, Information Security Compliance , Internal Security Audits / Risk Assessments, Vendor Management, Threat and Vulnerability Management, Application Security Testing | Internal Pen Testing, Identity and Access Management | Access Security, Security Incident Management, Encryption and Key Management, Third Party Penetration Testing, Responsible Disclosure Program (Bug Hunt), Security Awareness and Training Program, Security Operations and Monitoring (SOC).
- Performing vulnerability assessments using leading technology scanners.
- Analyze the risk and severity of the detected vulnerabilities and evaluate the exploitability, and Impact of that on our production servers.
- Work very closely with our Infrastructure , DevOPS, and Product teams to fix legitimate vulnerabilities in accordance with our vulnerability management policy and procedures.
- Responsible for the Security hardening of our production systems , OS, and infrastructure according to supported technical controls, and as part of a security baseline. Help to improve the current process to reduce the number of attack vectors.
- Deployment and maintenance of security agents on all our production systems to enable threat detection and response.
- Work closely with Security Lead to Improve our strategy to detect , monitor , and respond to security threats on Zyte production systems.
- Performing Dynamic Application Security (DAST) on our key platforms to identify OWASP TOP 10, CWE TOP 25 vulnerabilities such as cross-site scripting (XSS) and SQL injection in custom application code and vulnerable versions of third-party components running on our site.
- Responsible for responding to reported vulnerabilities by security researchers to confirm their applicability on our applications and infrastructures.
- Participate on the Security incident investigations, and support members across our Tech teams to determine RCA.
- Automate container security scans in the CI/CD pipeline for DevOps Teams
- Help to integrate security into the DevOps culture.
- Support to deliver Security projects including technical support through effective communication between key stakeholders.
- Help to prioritize issues and proactively initiate solutions and also seek alternate ways to achieve the required objective.
- Cooperate in delivering the undertaken projects to the end even if it requires non-technical effort.
- 3 -5 years experience in a Cyber Security role.
- In depth knowledge of Security standards such as NIST CSF, ISO 27001, NIST 800-53, SOC 2.
- Very good experience operating security on cloud or on premise environments such as GCP, AWS, Servers.com, Hetzner.
- Experience conducting Web Application Security Testing / Penetration testing.
- Experience driving remediation actions on Web Application and infrastructures with Development , Engineering Teams.
- Good understanding of web API security best practices.
- Good conceptual understanding of the Secure SDLC.
- Experience creating security documentation and technical process documentation.
- Good understanding of network security technologies and protocols like Firewalls, Network IPS & IDS, TCP/IP, HTTP/HTTPS, TLS, DNS, FTP, DHCP, LDAP, SSO, RDP, Failover & Balancer, VPN.
- Highly organized, able to multitask, able to work individually, as well as within a team, and across teams.
- Strong oral and written communication skills in English.
- Flexibility around working hours - if there is an issue you should use your initiative and help resolve it.
- Maintaining and respecting confidentiality of large amounts of information you have access to.
- Security Certifications (CISSP / CEH / CISA).
- Experience with SAST / SCA tooling aligned with the OWASP Top 10 and CWE Top 25
- Experience with programming languages
By joining the Zyte team, you will:
- Flexible working Model, Have the freedom & flexibility to work remotely.
- Become part of a self-motivated, progressive, multi-cultural team.
- Get the chance to work with cutting-edge open source technologies and tools.
- 35 paid time off per year
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: APIs Application security Audits AWS CEH CI/CD CISA CISSP Cloud Compliance DAST DevOps DNS Encryption Firewalls GCP Governance IAM IDS IPS ISO 27001 LDAP Mobile security Monitoring Network security NIST Open Source OWASP Pentesting Risk assessment Risk management SAST Scripting SDLC SecOps SOC SOC 2 SQL SQL injection SSO Strategy TCP/IP Threat detection TLS Vendor management VPN Vulnerabilities Vulnerability management XSS
More jobs like this
Kyiv, Kyiv city, Ukraine … Kyiv, Kyiv city, Ukraine - Remote Full TimeMid Mid-levelUSD 100K - 175K * USD 100K+ *
Security Engineer - Work Anywhere/RemoteAgile Analytics Cloud Computer Science Linux Machine Learning +6
Career development Flex hours Flex vacation Medical leave Unlimited paid time off
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open SOC Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Chief Information Security Officer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Staff Security Engineer jobs
- Open Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Security Operations Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Security Architect jobs
- Open o365 Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open DoD-related jobs