Job Information
RadarFirst Sr DevSecOps Engineer in United States
We are seeking a Sr DevSecOps Engineer to join our team. The Sr DevSecOps Engineer will be responsible for the design and development of builds, scripts, installation procedures, and the management of systems to facilitate the secure software development life cycle (SDLC) and ensure the ongoing health and security of our development and customer facing application infrastructure.
This position can be based out of our HQ in Portland, OR, or remote from anywhere in the U.S.
Our Technical Stack:
Our front end is built in an up-to-date version of Angular, leveraging Material Design for a sleek and consistent style. For robustness and productivity, we use statically-typed languages: TypeScript in the front end, backed by HTTP services written in Go and Nest.js.
Technologies currently in use; Packer, Ansible, Docker, Terraform, CloudFormation, Python, Go, Bash, datadog and git.
We deploy on Amazon EC2 and ECS using a variety of AWS cloud services; including RDS-hosted Postgresql, S3, OpenSearch, Lambda, and SES. Continuous integration and delivery are supported by TeamCity. Slack, Jira, and Google's productivity suite facilitate communication and planning.
Essential Responsibilities & Duties:
Design, implement and monitor enterprise-grade secure fault-tolerant infrastructure.
Keep up to date on AWS technologies that could benefit the reliability and performance and recommend infrastructure improvements.
Define and evolve Build & Release best practice by working with teams and educating the other stakeholder teams. These best practices should support traceability & auditability of change.
Ensure continuous availability of various DevOps tools supporting SCM & Release Management including Source Control, Containerization, Continuous Integration, & Change Management. (Jenkins, Docker, JIRA, SonarQube, Terraform, Google Cloud CLI).
Work with cross-functional co-located teams in design, development and implementation of enterprise scalable features related to enabling higher developer productivity, environment monitoring and self-healing, and facilitating autonomous delivery teams.
Build infrastructure automation tools and frameworks leveraging Docker.
Will operate as a technical expert on DevOps and SecOps Infrastructure projects pertaining to Containerization, systems management, design and architecture. Perform performance and yes - analysis and optimization, monitoring and problem resolution, upgrade planning and execution, and process creation and documentation.
Integrate newly developed and existing applications into cloud environments.
Conduct cloud assessments, planning and migration activities between cloud environments and services.
Automate and streamline deployment processes, minimizing manual intervention and improving system efficiency in a scalable, secure and reliable manner
Leverage application monitoring tools to troubleshoot and diagnose environment issues.
Have a culture of automation where any repetitive work is automated
Define and evolve Build & Release best practice by working within teams and educating the other stakeholder teams. These best practices should support traceability & auditability of change.
Help grow the team by mentoring team members.
Work closely with the Compliance team to maintain security compliance.
Qualifications:
At least 6 years experience in DevOps, SecurityOps, DevSecOps, or related roles supporting production software and dev teams
Proficiency in development with multiple technology stacks and programming languages, eg: Go, Python
Scripting experience (shell, python, ruby) for assisting in monitoring and automation
Information security, data privacy and compliance knowledge.
Authentication/authorization implementations.
Application of encryption at rest and in transit
Certificates/secrets implementations
Implementing security in public clouds (AWS, Azure, GCP), with at least 3 years specific experience in either AWS or Azure.
Secure microservices architectures in a cloud-native environment.
Understanding of networking.
Knowledge of different deployment models (Container, Serverless, Cloud, PaaS, IaaS
Ability to work with diverse, remote, and distributed teams across multiple regions and time zones.
Strong understanding of application development methodologies.
Adept at evaluating problems accurately and displaying sound judgment.
SDLC practices in DevOps, CI/CD environment.
OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc.
Penetration testing, vulnerability scanning
Implementation of security monitoring tools.
Implementing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions.
What is Nice to Have:
Certification(s) and or training(s) such as:
SANS/SEC-540: Cloud Security and DevSecOps Automation
Systems Security Certified Practitioner (SSCP)
Certified Information Systems Security Professional (CISSP)
Certified Authorization Professional (CAP)
Certified Secure Software Lifecycle Professional (CSSLP)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Research shows that people who identify as being from underrepresented groups are more likely to doubt the strength of their qualifications, so we encourage you to submit an application if you're interested in this role despite any reservations you may have about your background or skill set.
Who We Are
At RadarFirst, our mission is to solve complex data privacy challenges with innovation. We are revolutionizing incident response management using automated, smart, and purpose-built SaaS technology. RadarFirst is a pioneer in the privacy field, recognized for its innovation with multiple patents and high-profile industry awards. Our customers include some of the nation’s largest healthcare, insurance, financial, and government organizations.
Our Values
Respect & Candor
Inclusion & Innovation
Integrity & Empathy
Why Join RadarFirst?
At RadarFirst, our team is filled with smart, thoughtful, and forward-thinking contributors who are experts at what they do. Our culture of innovation and trust is paramount to our success. We work hard, but we also encourage and support a healthy work/life balance. We offer a generous package of benefits and perks that make RadarFirst a great place to work, including:
Comprehensive benefits that include medical and dental, 401k, Life and Disability insurance, unlimited PTO, paid holiday time, 12 weeks paid parental leave, and company stock options. Plus flexible spending accounts for medical, dependent care, and commuter expenses
Community outreach programs to encourage giving back to our community both as a group and individually
Commitment to anti-racism work and accountability to our short-term and long-term equity & inclusion action plan
RadarFirst is a community-first organization, operating on a hybrid model. We actively support all employees working in the way they need. For those who wish to work from the office, these are some features of our downtown Portland office:
On-site amenities such as indoor bike racks, showers, lockers, and gym facilities
Casual work environment in an ideal central location, close to great food, shopping, and transportation options
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.
The salary range for this role is $135,000 - $150,000 a year.
#LI-REMOTE
#LI-DNI