Remote Senior Developer SecOps Engineer

About SumerSports:

SumerSports is a leading football intelligence technology company that specializes in providing an innovative suite of products for football fans and NFL clubs. We are a collection of executives, engineers, data scientists, and visionaries from NFL clubs, technology startups, finance, and academia.

Position Summary:

The Senior DevSecOps Engineer will spearhead initiatives to embed security into every aspect of our software development and deployment processes. This role requires an expert understanding of security threats and mitigation techniques, with a strong emphasis on automating security measures to support continuous integration and deployment. The ideal candidate will foster a security-first culture across our engineering teams by innovating through automation and education.

Responsibilities:

• Develop, implement, and lead security strategies and initiatives throughout the development lifecycle to enhance our security posture
• Integrate cutting-edge security tools and practices into CI/CD pipelines, ensuring automated security testing is both efficient and comprehensive
• Continuously assess and mitigate security risks, and manage remediation efforts to handle vulnerabilities promptly
• Foster a culture of security awareness and best practices among the development teams by leading training sessions and workshops
• Ensure compliance with legal, regulatory, and internal policies and frameworks on a day-to-day basis
• Develop and maintain documentation related to security procedures and protocols
• Innovate and implement security solutions using automation to streamline security processes
• Collaborate cross-functionally with development, operations, and data science teams to maintain a unified approach to security and DevOps
• Conduct regular security assessments and audits, and lead the response to security incidents, ensuring quick recovery and mitigation of future risks
• Maintain up-to-date knowledge of the security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors

Requirements:

• Strong expertise in Python and libraries for machine learning and data processing
• Extensive experience with Kubernetes, including deployments, scaling, and management of containerized applications
• Hands on experience rolling out security solutions in AWS
• Extensive knowledge of security protocols, cryptography, authentication, authorization, and security vulnerabilities
• Strong experience with automation tools and scripting languages such as Python, Bash, or similar
• Proficient in implementing and using security tools such as OWASP ZAP, Fortify, Snyk, and automated compliance frameworks
• Deep understanding of secure coding practices, ethical hacking, and threat modeling.
• Familiarity with regulatory compliance requirements such as GDPR, HIPAA, SOC 2, etc.
• Extensive experience with automation tools and frameworks in the context of security (e.g., Jenkins, GitLab CI, Travis CI, SonarQube)
• Excellent collaboration and communication skills, with the ability to educate and influence the team on security best practices

Benefits:

• Comprehensive health insurance plan
• Retirement savings plan (401k) with company match
• Remote working environment