Lead DevSecOps Engineer

Summary

Join Kaseya, a leading provider of IT infrastructure and security management solutions, as a Lead DevSecOps Engineer. You will design, build, and execute DevSecOps strategies, improving Kaseya's security posture. Responsibilities include defining security standards, securing the SDLC, threat modeling, and integrating security testing into CI/CD pipelines. The ideal candidate is an experienced DevSecOps Engineer with strong leadership, communication, and project management skills. This position offers a 100% remote or on-site option in our Dundalk office.

Requirements

• Technical Expertise: Proficient in DevSecOps practices, with expertise in Linux, Kubernetes, Docker, Jenkins, and cloud platforms (AWS, Azure)
• Coding & Scripting: Advanced skills in Python, Bash, and infrastructure-as-code (e.g., Terraform)
• Security Tools: Experience with vulnerability scanners (e.g., Snyk, WIZ, GitHub advance security…) and SIEM solutions
• Communication: Skilled at cross-functional communication with DevOps, IT, and Security teams
• Prior experience as DevSecOps Engineer
• Working understanding of modern security vulnerabilities and best practices in the SDLC
• Strong understanding of Linux and Windows Operating Systems
• Experience scripting and automating mechanisms in the SDLC
• Working experience in enterprise environments
• Experience on implementing security mechanisms in complex environments
• Strong written and verbal communication skills, with a passion for documentation

Responsibilities

• Define Security Standards: Develop and enforce security best practices, guidelines, and frameworks to be used throughout the DevOps pipeline
• Secure Development Lifecycle (SDLC): Ensure security principles are integrated into each phase of the SDLC, from design to deployment, through security tools, code reviews, and best practices
• Threat Modeling and Risk Assessment: Identify potential threats to applications and infrastructure, evaluating the likelihood and impact of these risks, and working with teams to mitigate them early in development
• CI/CD Pipeline Security: Integrate security testing (such as SAST, DAST, and vulnerability scanning) into CI/CD pipelines to automate security checks and detect vulnerabilities in real time
• Infrastructure as Code (IaC) Security: Implement security measures in IaC, ensuring secure configurations of cloud infrastructure and monitoring for drift from these configurations
• Automated Compliance: Develop automation scripts for continuous compliance checks, ensuring regulatory requirements (like GDPR, HIPAA, or PCI-DSS) are consistently met
• Educate and Train: Conduct security awareness and training sessions for developers, operations, and product teams to foster a security-first culture
• Stakeholder Collaboration: Work closely with other engineering, product, and business teams to align security with organizational goals without compromising agility
• Mentorship and Leadership: Mentor junior security and DevOps engineers, guiding them in implementing secure coding practices, CI/CD security, and other DevSecOps practices
• Evaluate and Implement Security Tools: Research, assess, and implement the right security tools for code scanning, monitoring, vulnerability assessment, and infrastructure security
• Optimize DevSecOps Toolchain: Ensure the toolchain is optimized for performance, security, and scalability while maintaining compatibility with existing development and operational workflows
• Configuration Management and Version Control: Manage secure configuration and version control for systems, ensuring compliance and minimizing the risk of misconfigurations

Preferred Qualifications

• Works effectively under pressure in a fast-paced, dynamic environment
• Strong work ethic and an insatiable desire to learn
• It thrives in a team-based environment leaving ego at the door
• Continuously strive for the betterment of engineering at Kaseya
• Develop and enforce Security standard methodologies, processes, and tools
• Be the bridge between DevSecOps Engineers, Software and Systems engineering
• Identify trends in need of a larger solution, beyond the scope of the immediate problem
• Champion best Security practices within the organization
• Solve complex and challenging problems with simple, maintainable, and scalable solutions

Benefits

This position is 100% in our Dundalk office or remote