DevSecOps Engineer

Media.Monks is a digital-first marketing and advertising services company connecting the dots across content, data & digital media and technology services. Inspired by the connectivity and flexibility of technology APIs, Media.Monks’ single-P&L model offers brands seamless access to a nearly 6,000-strong team of digital talent organized across 57 talent hubs in 33 countries. 

With us, you'll find a diverse group of colleagues with different backgrounds and perspectives. We believe everyone has something of value to offer, and that sustaining a truly diverse, equitable and inclusive workplace begins with fostering an environment where people can be themselves, authentically, every day. We want to build something with the potential to change the heart of our industry, and we’d love to include your unique perspective.

We are looking for a DevSecOps Engineer who is able to understand the stakeholders needs in order to apply security in development pipelines for internal and client projects for improving the level of security of the development projects.

This person will be responsible for running and implementing security in the CI/CD pipelines, propose improvements or innovation to the current process and act as a reference for the development and security teams regarding secure best practices in a SSDLC. 

Key accountabilities:

• Assess security risks over the CI/CD pipeline,  applications and services that are part of the company’s and clients technological environments.
• Analyze cloud architectures and applications design from a security perspective in order to give advice on security best practices and guidelines in development activities.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further security enhancement.
• Implement accountability on DevSecOps controls implementation.
• Work with other teams to help prepare and document standard operating procedures and protocols related to secure development.
• Provide topics and materials for developing security-focused trainings
• Research and propose new security tools to implement different kinds of projects.
  
  

Minimum Qualifications:

• +3 of experience in similar roles.
• Experience in secure development and SAST automation.
• Solid knowledge of architecture and security baselines in cloud (AWS, GCP and/or Azure).
• Experience in performing code security assessments.
• Solid experience in web application security and secure development (SSDLC), APIs security, microservices.
• Fluent english (written and oral).
  
  

Desirable Qualifications

• Bachelor’s degree in Computer Science/Engineering/Information Security.
• Knowledge of secure development in AEM, PHP, Node, API Rest, Drupal and Mobile.
• Solid knowledge of cloud security architecture and configuration.
  
  

Qualities:

• Good communication 
• Ability to confidently present findings to those with either a technical or non-technical background.
• Self-directed, resourceful, and a critical thinker with attention-to-detail and proactive problem-solving skills.
• Ability to self-organize and plan activities with commitment towards results.
• Ready to learn new contents both from others or self-learned.
• Passionate about self-improvement and suggesting improvements to processes or activities.
  
  

Preferred Qualifications:

• AWS Certified Solutions Architect Associate / Certified Security Specialist
• ISO27001 framework knowledge
• Solid knowledge in securing CI/CD Pipelines: Sonarqube, Github, Jenkins
• Solid understanding of repos tools such as: Bitbucket, Azure DevOps, AWS Dev Tools.
• Containers security: Docker, Kubernetes, OpenShift, and so on.
• GCP Professional Cloud Architect / Professional Cloud Security Engineer

#LI-FR1

About Media.Monks:

At Media.Monks, you’ll be joining a highly ambitious company on a global mission to win the decade by changing the industry for good. Partner to 8 of the 10 most innovative companies in the world, Media.Monks works with established as well as up-and-coming global, regional, DTC and B2B brands, helping them own their data and build out customer ecosystems to elicit smart, efficient, high-impact engines for growth. We deliver table stakes quickly, creating cost efficiencies from day one to push up the creative effectiveness of our work with every cycle.

We are an equal-opportunity employer committed to building a respectful and empowering work environment for all people to freely express themselves amongst colleagues who embrace diversity in all respects. Including fresh voices and unique points of view in all aspects of our business not only creates an environment where we can all grow and thrive but also increases our potential to produce work that better represents—and resonates with—the world around us.