DevOps Security Engineer (DevSecOps)

Culver City, California, United States

Overview: 

Spotter, named one of TIME100's Most Influential Companies this year, empowers top YouTube creators to accelerate their business and unleash their full creative potential by giving them access to the capital, knowledge, and community they need to succeed at scale. As the top provider of creator-friendly growth capital, Spotter tailors our investments to meet the unique needs of each creator we partner with, giving them the freedom to create without compromise.

Creators are free to reinvest their funds however they choose, from hiring a team, to building their own production studios, and everything in between, all while maintaining total control over their catalogs, their channels, and their future earnings. In addition to funding, Spotter provides creators with in-depth data insights into the performance of their existing content, enabling them to leverage the full value of their library, as well as the value of future uploads and how they can improve performance in the future.

Featured in Forbes, Fast Company, Variety, Axios, and more, Spotter has already deployed over $850 million to YouTube creators to reinvest in themselves and accelerate their growth. Spotter has licensed content that consists of over 725,000 videos, which generate 88 billion monthly watch-time minutes. With our curated premium video catalog, we deliver a unique scaled media solution to Advertisers and Ad Agencies that is transparent, efficient, and 100% brand safe.

What You’ll Do:

Spotter is seeking a DevOps Security Engineer to join our world-class infrastructure team! As a DevSecOps engineer, you will be responsible for integrating security into the software development process and for creating a more robust security system. You will monitor and identify potential security threats and risks, ensuring compliance with security standards and regulations. You will develop strategies to mitigate risks by identifying potential entry points into the system, testing the effectiveness of existing security measures, adding countermeasures to protect against new threats, and implementing security controls.

You will also collaborate with Software Engineers, Data Scientists, and Product Managers to enable and ensure that security is considered at every stage of the development process. This role also requires comprehensive expertise in cloud technologies, Infrastructure as Code (IaC), CI/CD principles, and security best practices, and a strong foundation in AWS and coding security.

  • Develop and support Continuous Integration (CI) pipelines for automated deployment of data pipelines and highly available SaaS products. Applications are written in Python using AWS-native infrastructure and tools, including SageMaker, Lambda functions, API Gateway, Kubernetes (ECS, EKS), etc. This also covers deployment of AI/ML models that are embedded into web applications and data science workflows.
  • Design and implement GitHub configurations, including runners, executors, and workflows through Terraform, to enhance our software development and security operations processes.
  • Develop Infrastructure as Code (IaC): Advocate and lead IaC initiatives using Terraform, promoting automation and consistency in infrastructure deployments. The goal is to eliminate all console access by 80%.
  • Docker & Docker Machine Management: Oversee Docker images and containers, ensuring they meet application requirements and are optimized for performance.
  • Auto-scaling Mastery: Refine auto-scaling rules and policies to maintain responsive and cost-effective applications.
  • Perform analysis, design, development and implementation activities to install, configure and maintain infrastructure, software and components, Infrastructure as Code (IaC) and Configuration as Code (CaC), for deployments.
  • Perform activities to ensure alignment of use cases and objectives with architecture and security.
  • Establish and implement health and performance monitoring metrics and alarms for production systems using CloudWatch, Datadog, or equivalent.

Who You Are: 
Even if you don’t meet all the qualifications we still encourage you to apply!

  • 5+ years of experience as a DevOps Engineer 
  • 5+ years of combined experience developing in any of the following languages: C++, Java, Python
  • 5+ years of experience developing and deploying scalable systems based in one of the following Cloud platforms: Amazon AWS, Google GCP, Microsoft Azure
  • 3+ years of experience in application security
  • Experience extending and supporting cloud-based monitoring tools such as AWS CloudWatch, Datadog, LogicMonitor, Nagios, Splunk
  • Experience managing remote workforce computing devices based on established Cybersecurity and Data Protection best practices
  • Ability to identify security requirements, pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize remediation methods.

Core Requirements

  • Subject matter expert on Application Security: Secure Software Development Lifecycle (SSDLC), threat modeling, secure coding, SAST, DAST, and vulnerability management. This includes regularly scheduled pen-testing of AWS infrastructure in preparation for ISO 27001 certification.
  • Strong proficiency with AWS cloud infrastructure services and the integration of these services, Infrastructure as Code (Terraform, CloudFormation) principles, CI/CD methodologies, and containerization (Docker)
  • Knowledge of auto-scaling best practices & policies to ensure responsive and cost-effective application performance.
  • Strong written and verbal communication skills.

Preferred Certifications

  • AWS Certified Solutions Architect
  • AWS Certified Developer
  • AWS Certified DevOps Engineer
  • GIAC Cloud Security Automation (GCSA) 
  • GIAC Certified Web Application Defender (GWEB)
  • GIAC Web Application Penetration Tester (GWAPT)

Why Spotter

  • Medical & Vision insurance covered up to 100%
  • Dental insurance
  • 401(k) matching
  • Stock options
  • Complimentary gym access
  • Autonomy and upward mobility
  • Diverse, equitable, and inclusive culture, where your voice matters.

In compliance with local law, we are disclosing the compensation, or a range thereof, for roles that will be performed in Culver City. Actual salaries will vary and may be above or below the range based on various factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The overall market range for roles in this area of Spotter is typically: $100-$500K salary per year. The range listed is just one component of Spotter’s total compensation package for employees. Other rewards may include annual discretionary bonus and equity.

COVID-19 Vaccination Policy

Spotter requires proof of being fully vaccinated for COVID-19 as a condition of commencing employment. 

Spotter is an equal opportunity employer. Spotter does not discriminate in employment on the basis of race, religion, creed, color, national origin, ancestry, citizenship, physical or mental disability, medical condition, genetic characteristics or information, marital status, sex (including pregnancy, childbirth, breastfeeding, and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, military status, veteran status, use of or request for family or medical leave, political affiliation, or any other status protected under applicable federal, state or local laws. 

Equal access to programs, services and employment is available to all persons. Those applicants requiring reasonable accommodations as part of the application and/or interview process should notify a representative of the Human Resources Department.


Tags: API Gateway APIs Application security Automation AWS Azure C CI/CD Cloud Compliance DAST DevOps DevSecOps Docker GCP GIAC GitHub GWAPT ISO 27001 Java Kubernetes Lambda Monitoring Nagios Python SaaS SAST SDLC Splunk Terraform Vulnerabilities Vulnerability management

Perks/benefits: Equity Health care Insurance Medical leave Salary bonus Team events

Region: North America
Country: United States