Sr. SecOps Engineer
Reason this role is for you: Our client has a SaaS service management platform that empowers K-12 schools to run efficiently, allowing for a better classroom experience for students to thrive.
They are seeking a Sr SecOps Engineer to provide leadership to maintain the security of the platform. This role will use industry best practices and their own ingenuity to ensure that our deployed platform is secure and that new solutions are compliant before they leave development. You will help to shift as much security left as possible to make sure our customers can continue to trust us with their information.
A successful candidate will be someone who has been through the fire and earned the experience to know what risks to be concerned with and how to mitigate them. A life-long learner, always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation, and protection paradigms.
This role can be 100% remote with the option to go into the Atlanta office, if desired.
- Advise organization management, develop, and execute plans for compliance and mitigation of risk
- Analyze trends, news, and changes in the threat and compliance environment with respect to organizational risk
- Develop monitoring and visibility capabilities to detect threats early and implement mitigation strategies
- Report on vulnerabilities, trends, and any potential incidents
- Coordinate remediation and patching for long-running systems and ensure ephemeral environments are using the most recent stable software versions
- Perform risk and compliance assessments as well as engage and coordinate third-party risk and compliance assessments
- Manage certificates to ensue the encryption of all sensitive information in transit and at rest
- Design and implement authentication strategies for sensitive systems, including password management and multifactor strategies
- Contribute to the design of information and operational support systems
- Oversee the company’s security, backup, and redundancy strategies design and test them regularly
- Securing the SDLC process via automation and security processes in CI/CD pipeline
- Architecting and continuously improving infrastructure for cloud-based services and client interfaces
- Analyzing security systems, audits, and seeking improvements on a continuous basis
- Developing, documenting, and maintaining DevSecOps implementation for the team
- Integrating DevSecOps tools and services (code repository, artifact repository, source code analyzer, security scanning, testing tools, and an orchestrated integration and delivery platform) to enable automated application building, testing, and securing of our deployments
- Creating and designing IaC solutions to promote services through the development, test, and production environments.
- Collaborating with team leads and management across the company to define shared security capabilities
- Conducting technical Root Cause Analysis on vulnerabilities and identifying areas for further research, education, or testing
- 4+ years of Security Engineering experience
- Experience reviewing OWASP or similar vulnerability definitions and creating controls to mitigate them
- 4+ years of Azure Experience + Azure Security Tools
- Experience with a Static Code Analyzer (such as SonarCube)
- Experience in performing security vulnerability assessments, good familiarity with regulations like PCI and SOX.
- Proficiency with at least two scripting languages: Kubernetes, Docker, YAML, Python, Powershell, C#
- Experience extracting pertinent security data from SIEM solutions logs and reports
- Knowledge of one or more SSO methodologies (SAML, LDAP, MS AD)
- Advanced proficiency working with multiple vendor API’s for both automation and reporting – comfortable with REST, SOAP, XML, JSON, SQL & KQL.
- Advanced knowledge of both Windows Server and Linux operating systems
- Web Services
- 4+ years of experience spanning at least two IT disciplines, including technical architecture, application development, or operations
Nice to Have:
- Understanding of software and database architecture concepts
- Microsoft C# .net coding experience
- Microsoft SQL & Mongo
- Nginx (or similar)
- Azure DevOps, Jenkins, CircleCI
- Azure Search, ElasticSearch & SEIM
- One or more recognized security and cloud specific certifications, e.g., CCSP, SSCP, CISSP, CCSK
- 4% 401K match
- Annual bonus
- Comprehensive medical/dental/vision plans
- PTO + paid holidays
- We facilitate whole-person growth where employees are able to develop personally as well as professionally.
- Energetic and collaborative environment, everyone's opinion matters!
- Excellent work/life balance.
- An amazing Downtown Atlanta office location