Security Engineer, DevSecOps | Remote US
CoalfireCoalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable programs that improve their security posture and fuel their continued success.
Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
And we’re growing fast.
We’re looking for a Security Engineer to support our Product team.
The Security Engineer – DevSecOps position will provide security leadership within our product engineering teams. This resource will coordinate security requirements and standards throughout the product lifecycle by working closely with Engineering Development Operations to manage the vulnerabilities, cryptography, security monitoring, and risk management controls within our application-based products.
What You'll Do
- Be a member of Coalfire Information Security Team and liaison with Product DevOps teams to ensure compliance to information security standards
- Detect, analyze, and react to detected security events, such as vulnerabilities, potential intrusions, and malware detections within the Coalfire product environments
- Perform regular SCA/SBOM, DAST and SAST scanning of the various cloud and stand-alone applications that comprise our product lineup
- Track trends against various metrics that capture the risk, threats, and vulnerabilities within the product environment
- Provide leadership and guidance to DevOps teams on how to prioritize and implement remediation activities for application flaws
- Be a champion for security within all stages of the SDLC
What You'll Bring
- 3-6 years experience in DevSecOps, AppSec, NetSec, InfoSec, other related roles
- Familiarity with open source and commercial application security tools and frameworks
- Experience in exploiting web applications and web services using application vulnerabilities, including XSS, CSRF, injection, DoS and API attacks
- Experience with the design and deployment of servers, applications, and containers in AWS
- Experience with network security and network technologies
- Strong verbal and written communication skills
- Familiarity or direct experience with DevOps processes, including CI/CD pipelines and related tools
- Familiarity with Agile-based development lifecycle processes, such as iteration planning, stand ups, and retrospectives
- Knowledge of cloud security designs, deployments, and monitoring
- Mastery of application security concepts, such as threat modeling and secure coding techniques
- At least one security certification, such as CISM, CISA, CISSP, Security+, CCSP, etc.
- Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience
- MS in Information Security, Computer Science or IT related discipline
- AWS DevOps and Security certifications
- In good standing with multiples major security certification (CISSP, CISM, CGEIT, CISA or similar)
- Previous experience in network or application penetration testing, IT controls assessments/audits, or hunt response exercises
- Previous automation experience with GitLab, AzureDevOps, Jenkins, Octopus, Python and shell scripts
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $78,000 to $135,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
More jobs like this
Remote - Ontario Remote - Ontario Full TimeSenior Senior-levelUSD 52K - 98K * USD 52K+ *
Senior Software Developer - Full Stack (Security Research Services Development)Agile APIs Artificial Intelligence AWS Cloud Full stack +15
401(k) matching Career development Equity Flex vacation Health care +6
Vancouver, Canada Vancouver, Canada Full TimeSenior Senior-levelUSD 136K - 210K * USD 136K+ *
Senior Security Engineer (Remote, Canada)Application security Compliance Firewalls Incident response Offensive security Risk analysis +2
401(k) matching Career development Flex vacation Health care Parental leave +1
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Product Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Ingénieur DevSecops H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Cyber Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Windows-related jobs
- Open Agile-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open CISA-related jobs
- Open Security Clearance-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs
- Open IDS-related jobs
- Open CI/CD-related jobs
- Open APIs-related jobs
- Open Splunk-related jobs