Remote Security Operations Engineer

Summary

The job is for a Security Operations Engineer at Cars Commerce, responsible for ensuring the security of software development and deployment processes, collaborating with various teams to integrate security practices throughout the software development lifecycle, and staying updated with the latest security trends and best practices.

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
• 3+ years experience in SecOps cloud roles
• Proven experience in DevOps or software development roles, with a focus on security
• Understanding of DevOps principles and methodologies
• Hands-on experience with AWS cloud platforms and containerization technologies (e.g., Docker, Kubernetes)
• Proficiency in scripting languages such as Python, PowerShell, or Bash
• Experience with security tools such as vulnerability scanners, intrusion detection systems (IDS), and security information and event management (SIEM) solutions
• Familiarity with compliance standards such as PCI DSS, HIPAA, and GDPR
• Excellent communication and collaboration skills, with the ability to work effectively in a team environment

Responsibilities

• Implement and manage security tools and technologies within the CI/CD pipeline
• Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities
• Implement security controls and best practices for infrastructure as code (IaC) and cloud environments
• Automate security testing and compliance checks using scripting and configuration management tools
• Monitor and analyze security events and incidents, responding promptly to mitigate threats
• Provide guidance and support to development and operations teams on secure coding practices and infrastructure configurations
• Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices
• Collaborate with cross-functional teams to prioritize security initiatives and drive continuous improvement
• Upon detection of a security incident, support a thorough investigation to assess the scope and impact of the incident
• Analyze logs, network traffic, and system configurations to identify the root cause of the incident and determine the extent of any compromise
• Collaborate with development, operations, and security teams to gather relevant information and context for incident analysis
• Implement mitigation strategies to contain and remediate the security incident promptly
• Utilize automation tools and scripts to facilitate rapid response and recovery efforts
• Coordinate with relevant stakeholders to deploy patches, updates, or configuration changes to address vulnerabilities and prevent further exploitation

Preferred Qualifications

• Security certifications such as CISSP, CEH, or AWS Certified Security Specialty
• Experience with infrastructure as code tools (e.g., Terraform, Ansible, Chef)
• Knowledge of secure software development frameworks (e.g., OWASP)
• Experience with DevSecOps tools and practices (e.g., DevSecOps automation, shift-left security)

Benefits

• Medical, Dental & Vision Healthcare Plans
• 401(k) with Company Match + Immediate Vesting
• New Hire Stipend for Home Office Set-Up
• Employee Stock Purchase Program
• Generous PTO
• Refuel - a service based recognition program where employees receive additional paid time away to learn grow and reset
• Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day