DevSecOps Engineer

At Emburse our mission is to help make our users’ lives -- and their businesses – better. We are dramatically transforming how organizations manage corporate expenses and invoices. We humanize work by automating manual tasks and saving users’ time, so they can focus on what matters most -- their family, community, or more rewarding work. We help CFO's give their employees a simple and amazing experience while ensuring compliance and reducing costs. Our solutions are tailored for companies from start-ups to enterprises. We have more than 16,000 clients and 9 million users globally.
Emburse has offices across North America, including Los Angeles, Montreal, Portland (ME), San Diego, San Francisco, and Toronto, as well as locations in the UK, Germany, Spain, and Australia.
Our core values - Sincerity, Empathy, Empowerment, Individuality, and Teamwork - reflect who we are as a company. They are central to the decisions we make and the interactions we have with our teams, customers, and partners. As a people-focused company, we are seeking candidates who align with our values.
Emburse is a proud recipient of a 2020 Tech Cares Award from TrustRadius and a 2020 IDC SaaS CSAT Award for Travel and Expense. These awards celebrate companies that have gone above and beyond to provide their communities, clients, and front-line workers with support during the COVID-19 pandemic. We are a people-first company, and this award is a testament to our mission to humanize work.
Follow us to stay updated on news and job openings!
Develop software and software fixes to integrate internal systems. Ensure code quality, test and distribute code updates, and monitor the health and stability of the servers.

What You'll Do:

• Meet and beat Key Performance Indicators, SLAs, maintain best security practices while hardening ChromeRiver’s production footprint as it relates to security.
• Ensure the platform holds a high degree of resiliency and availability.
• Own technically intricate issues that cross between Security, DevOps, Databases, Networking, Code, Infrastructure and people; drive them to satisfactory completion.
• Maintaining security of digital platform:
1. Ensure compliance with regulatory, PCI, and ISO standards2. Determine security requirements by evaluating business strategies and requirements conducting system security and vulnerability/threat analysis and risk assessments as early on in the development life cycle as well as post hoc remediation3. Help architect, build and deploy secure infrastructure and security solutions in support of Cloud Operations - including standards for hosts, firewalls, load balancers, auto scaling groups, vpc’s, roles, security policies and all parts of the infrastructure.4. Develop Security as code to make security and compliance available to be consumed as services. 5. Design public key infrastructures (PKIs) and API security, including use of certification authorities (CAs) and digital signatures
• This is an on-call position. The expectation for the role is that the individual will be available while on an on-call rotation. During that time, the person will be responsible for answering Sev1 alerts and remediating them at any time during, day or night.
• Develop and implement security processes in parallel and in conjunction with ChromeRiver’s security team.
• Other duties as assigned

What We're Looking For:

• Bachelor's Degree
• Preferred: Bachelor's degree in Computer Science or similar field
• Minimum of 7 years' experience in an engineering role
• Deep understanding of infrastructure security, Linux/Unix, scripting, self-healing, containers, DevOps tooling, distributed systems
• Excellent written and verbal communication skills, in English
• Experience with full lifecycle of security improvements, monitor and remediations
• Excellent follow-up and project management skills
• Proven ability to create and maintain new tools. Scripting is a part of this position
• Excellent troubleshooting skills
• Strong scripting skills. OOP is a plus, and deep Java experience would be ideal
• Liase with management and other teams to work and triage different problem areas, prioritize
• Work with application owners, IT, developers and project teams on targeted penetration tests of the whole application stack from network to application and processes
• Play a part in automation of security testing and reporting efforts.
• RedTeam experience

Emburse provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Emburse complies with applicable state and local laws governing nondiscrimination in employment in every location where the company has facilities. This policy applies to all terms and conditions of employment.