DevSecOps Engineer

Summary

Join Deel, a global leader in international payroll and compliance, as a DevSecOps Engineer. You will play a key role in our growth by developing and maintaining automated security tools, designing secure cloud infrastructure, implementing security monitoring, and promoting secure coding practices. Collaborate with cross-functional teams to ensure security requirements are met and assist with compliance assessments. This exciting opportunity offers the chance to work with experienced professionals in a supportive environment and contribute to a market-leading platform. Deel offers competitive pay and benefits, including remote work flexibility and stock grant opportunities.

Requirements

• 3+ years of relevant DevOps, SecOps, DevSec work experience in Production environments
• Familiarity with security principles, standards, and best practices is essential. This includes knowledge of common security vulnerabilities (e.g., OWASP Top 10), secure coding practices, encryption, authentication, access control, and security testing methodologies
• Proficiency in DevOps methodologies and tools is important. This involves understanding CI/CD pipelines, infrastructure automation (e.g., using tools like Docker, Kubernetes), configuration management, and monitoring/observability practices
• The ability to assess risks and apply appropriate security controls is crucial. Understanding threat modeling, risk assessment techniques, vulnerability management, and incident response planning can help identify and mitigate security risks effectively
• DevSecOps requires effective collaboration and communication skills. You should be able to work closely with cross-functional teams, including developers, security professionals, and operations personnel, to promote security practices and integrate security seamlessly into the development process

Responsibilities

• Develop and maintain automated security tools and processes to identify vulnerabilities, perform code analysis, and conduct security testing. This includes integrating security scanners, static code analysis tools, and vulnerability assessment tools into the CI/CD pipeline
• Work with infrastructure and operations teams to design and implement secure cloud infrastructure, network architecture, and deployment processes. This involves ensuring proper access controls, encryption, and monitoring are in place
• Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies. This includes log analysis, intrusion detection, and system monitoring
• Promote and enforce secure coding practices within the development teams. Provide guidance on secure coding techniques, code reviews, and security testing methodologies
• Foster collaboration and communication between development, operations, and security teams. Act as a liaison to ensure that security requirements are understood and integrated into the development process
• Assist in compliance assessments and audits to ensure adherence to regulatory requirements and industry standards. Collaborate with auditors and provide necessary documentation and evidence of security controls

Preferred Qualifications

• Basic programming skills and experience with software development practices is desired. Understanding languages like JavaScript, TypeScript, Python and concepts such as version control (e.g., Git), continuous integration/continuous delivery (CI/CD) pipelines
• Proficiency in automation tools and technologies is beneficial. Knowledge of tools like security scanners (e.g., SAST, DAST), vulnerability management systems, log analysis tools, and security-focused frameworks can help automate security processes and improve efficiency
• Obtaining relevant security certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP), can enhance your credibility and demonstrate your commitment to security practices

Benefits

• Provided computer equipment tailored to your role
• Stock grant opportunities dependent on your role, employment status and location
• Additional perks and benefits based on your employment status and country
• The flexibility of remote work, including WeWork access where available