DevSecOps Engineer (Cloud Security, GCP, Terraform)

Job Title: DevSecOps Engineer (Cloud Security & Compliance Focus)

Austin, TX (Onsite)

Summary

We are seeking a highly motivated and security-conscious DevSecOps Engineer to join our team. You will be a critical part of our security and compliance efforts, ensuring the integrity and confidentiality of our systems and data. Your hands-on experience with Istio, Envoy, Kubernetes, and Terraform, coupled with your security penetration testing or automated API testing experience, makes you an ideal candidate to drive our security initiatives in a cloud-native environment.

Responsibilities

• Security Architecture and Implementation:
• Design and implement secure cloud-native architectures with a focus on Istio service mesh and Kubernetes container orchestration.
• Harden and secure containerized workloads and microservices using best practices.
• Leverage Terraform for infrastructure as code (IaC) deployments, ensuring security is baked into the process from the start.
• Implement security controls and monitoring solutions to detect and respond to potential threats.
• Compliance and Security Auditing:
• Collaborate with security and compliance teams to ensure adherence to industry standards and regulations.
• Conduct regular security audits and penetration testing to identify vulnerabilities and recommend remediation strategies.
• Develop and maintain documentation for security policies, procedures, and incident response plans.
• DevSecOps Integration:
• Integrate security practices and tools into the CI/CD pipeline to automate security testing and vulnerability scanning.
• Implement and maintain security tools for code analysis, dependency management, and vulnerability tracking.
• Promote a culture of security awareness and collaboration within the development and operations teams.
• Incident Response:
• Participate in incident response activities, including investigation, containment, and recovery.
• Analyze security incidents and identify root causes to prevent future occurrences.
  

Qualifications

• Hands-on Experience:
• Strong practical experience with Istio service mesh, Envoy proxy, Kubernetes, and Terraform.
• Proficiency in security penetration testing methodologies or automated API testing tools.
• Familiarity with cloud security best practices and cloud-native technologies.
• Security and Compliance Knowledge:
• Understanding of security principles, vulnerabilities, and mitigation techniques.
• Knowledge of industry security standards and compliance regulations.
• Experience in conducting security audits and vulnerability assessments.
• Passion for Security:
• A strong desire to stay abreast of the latest security trends and technologies.
• Enthusiasm for sharing knowledge and promoting security best practices within the team.
• Strong Communication and Collaboration:
• Ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
• Excellent teamwork and collaboration skills, working effectively with cross-functional teams.
  

Additional Desirable Skills

• Experience with cloud platforms such as AWS, Azure, or GCP.
• Programming/scripting skills (Python, Java, Bash, etc.)
• Certifications in security and cloud technologies (CISSP, CCSP, etc.)