DevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses: Infrastructure, Security, and Test/QA.

We value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.

Responsibilities:

* Implement SAST/DAST/IAST/RAST, IDS/ADS, SIEM/SOAR and other DevSecOps systems, both vendor and open-source, that deploy and run in Kubernetes clusters and in Concourse CI/CD
* Write Policy-as-Code that ensures various systems are compliant, encrypted, and follow least privilege and zero trust models
* Harden networks, containers, orchestrators, and cloud infrastructure more broadly.
* Proactively assess vulnerabilities, model threats, and write automated penetration tests
* Respond to and forensically analyze security incidents in a production environment, ensuring all compliance requirements and guidelines are followed
* Code review with an eye for correctness, standards-compliance, security holes, new attack vectors, increased attack surface, etc.

Requirements:
Experience with specific technologies listed is not required. We may prefer candidates who know the specific technologies, but we are also open to input on some of these.

* Threat modeling and penetration testing experience
* IDS/ADS, SIEM/SOAR, and forensics experience. We use or are looking to implement tools like Sysdig Falco as well as vendors like Aqua Security, Twistlock/Prisma, StackRox, and/or Splunk.
* Experience responding to security incidents and following required reporting and resolution protocols
* Compliance experience, e.g. NIST, SOC-2, SOX, PCI, etc.
* Experience with vulnerability assessments, implementing SAST/DAST/IAST/RAST, and integrating security tooling into CI/CD pipelines. We are using or looking to implement tools like Anchore, Clair, Trufflehog, etc. Cloud. We are migrating to Concourse from CircleCI and some AWS CodeBuild.
* Policy-as-Code experience. We are using or looking to implement tools like Open Policy Agent (OPA), cloud-custodian, terraform-compliance, etc.
* Experience encrypting, hardening, and segmenting networks. We are using or looking to implement tools like VPC, Security Groups, WAF, Kubernetes L4 & L7 NetworkPolicy, Istio AuthzPolicy, Istio mTLS, and Cilium encrypted networking.
* Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.

Preferred:
These experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above.

* Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.
* Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.
* Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.
* Experience implementing and influencing a DevSecOps workflow for other teams
* Experience working in an Agile/Kanban environment with GitFlow style development on a remote / distributed team.
* Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)

Very Preferred:
These experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above.

* Experience running and securing untrusted, 3rd-party workloads.
* Experience with kernel security and hardening containers and orchestrators. Tools such as distroless, gVisor, kata-containers and SELinux, AppArmor, and seccomp more broadly as well as kube-bench and Polaris.
* Experience with PKI management

#Salary and compensation
No salary data was published by the company, so we estimated the salary based on similar jobs related to InfoSec, Cloud and Engineer:

$80,000 — $120,000/year

#Benefits

* 401(k)
* Distributed team
* Async
* Vision insurance
* Dental insurance
* Medical insurance
* Unlimited vacation
* Paid time off
* 4 day workweek
* 401k matching
* Company retreats
* Coworking budget
* Learning budget
* Free gym membership
* Mental wellness budget
* Home office budget
* Pay in crypto
* Pseudonymous
* Profit sharing
* Equity compensation
* No whiteboard interview
* No monitoring system
* No politics at work
* We hire old (and young)