DevSecOps Engineer II - SaaS

About The Position

Requirements

• 2+ years of DevOps Engineering experience; experience working in a SaaS environment
• Linux and Windows administration and shells
• Familiarity with cloud provider ecosystems (Amazon AWS & Azure)
• Experience with DevOps tools and concepts such as writing Infrastructure as Code (IaC)
• Ability to perform Continuous Integration and Continuous Delivery (CI/CD), as well as other forms of automation, via modern systems such as GitHub Actions, GitLab, CircleCI, and more
• Familiarity with at least one automation-friendly programming language (Python, TypeScript/JavaScript, Go, Rust, Ruby, and more), or skilled in other languages and willing to expand your horizons
• Ability to define and deploy monitoring, metrics, and logging systems on AWS & Azure
• Experience with using application security validations tools for pentesting, component analysis, static analysis and/or dynamic analysis
• Interest in learning new technologies and techniques as a routine part of the job
• Ability to communicate the need for changes in a collaborative manner while maintaining focus on core objectives
• Bachelor's degree in Computer Science, Engineering, Information Systems, Data Science or a related field, or another technical degree and position-relevant experience.

Nice To Haves

• Working knowledge of security risk frameworks (OWASP Top 10, SAN 25, BSIMM)
• Experience with WAF implementation, threat modelling
• Experience with Kubernetes, service mesh, container security
• Familiarity with the Jenkins automation platform
• Familiarity with development languages used for desktop/server application development (C, C++, Java, C#)
• Experience in integrating test and security automation into CI/CD pipelines, like Selenium, GitHub Advanced Security tooling, and pull-request checks.
• Working knowledge of Configuration Management tools such as Chef, Configuration-as-Code such as CloudFormation or Terraform
• Good technical presentation skills
• Working knowledge of Git
• Knowledge of security & privacy frameworks such as FedRAMP, ISO 27001, and GDPR
• Familiarity with Esri software
• Information security or technical certifications such as CISSP, SSCP, GSE, OSCP is desirable

Responsibilities

• Create, develop, and implement solutions to address infrastructure, platform, application, and SaaS security/compliance requirements
• Create/maintain infrastructure and tools for secure software development and release, such as software analysis tools and automated report generation/alerting from derived data
• Research and recommend tools and practices to improve security of Esri products, such as telemetry and monitoring, secure development patterns, and DevSecOps methodologies
• Consult/assist other teams in adopting and effectively using the tools, practices, and information described above
• Work closely with SaaS DevOps team to engineer and implement cloud security controls
• Provide AWS and Azure Infrastructure/Systems Administration functions
• Contribute to the creation of documentation on recommended practices, procedures, and tools described above

Benefits

• medical
• dental
• vision
• basic and supplemental life insurance for employees (and their families)
• 401(k) and profit-sharing programs
• minimum accrual of 80 hours of vacation leave
• twelve paid holidays throughout the calendar year
• opportunities for personal and professional growth