Senior DevSecOps Engineer

Summary

Join Veriff's Engineering team as a Senior DevSecOps Engineer and play a crucial role in securing and optimizing our infrastructure on AWS. You will enhance network infrastructure, manage firewalls and security groups, elevate Kubernetes network security, leverage Istio for network mesh security, and implement network threat detection. This role requires strong expertise in network security and infrastructure optimization, proficiency in AWS security tools, and experience with Kubernetes and service mesh technologies. You will collaborate with cross-functional teams, ensuring our network infrastructure aligns with business goals and security best practices. Veriff offers a range of benefits, including flexible work arrangements, stock options, extra recharge days, relocation support, comprehensive insurance, learning and development budget, and sabbatical leave.

Requirements

• Strong expertise in networking and infrastructure optimization, especially within AWS environments
• Proficiency in firewall management and securing cloud networks using AWS security groups, NACLs, and other best practices
• Experience with Kubernetes network security, ensuring secure pod-to-pod communication, ingress/egress traffic control, and service-level security
• Deep knowledge of service mesh technologies, particularly Istio, including mutual TLS, traffic management, and security policies
• Hands-on experience with AWS GuardDuty and WAF, optimizing and securing these tools for threat detection and response
• Advanced knowledge of cloud security best practices, including frameworks like the AWS Well-Architected Framework, CIS Benchmarks, and regulatory standards such as SOC 2, GDPR, and PCI-DSS
• Experience with observability and monitoring tools, including Prometheus, Grafana, AWS CloudWatch, and VPC Flow Logs, to monitor and optimize network performance
• Strong communication skills, with the ability to collaborate with cross-functional teams and influence decision-making
• A passion for proactive security and performance optimization, always looking for ways to enhance reliability, reduce risk, and improve user experience

Responsibilities

• Enhance Network Infrastructure on AWS: Continuously improving and optimizing network architecture within AWS, ensuring scalability, performance, and security across all systems
• Manage Firewall & Security Groups: Implementing and managing AWS security groups, NACLs, and firewalls to safeguard the network from external and internal threats
• Elevate Kubernetes Network Security: Strengthening the security of Kubernetes networking, focusing on pod-to-pod communication, ingress/egress traffic control, and service-level security
• Leverage Istio for Network Mesh Security: Implementing and managing Istio within AWS, ensuring secure service-to-service communication, including mutual TLS, authentication, and authorization policies
• Network Threat Detection: Monitoring and analyzing network traffic on AWS for potential threats using tools like GuardDuty, VPC Flow Logs, and CloudWatch
• Ensure Compliance & Best Practices: Aligning AWS network security configurations with industry standards and regulatory compliance frameworks (e.g., SOC 2, GDPR, AWS Well-Architected Framework)
• Drive Proactive Vulnerability Management: Automating security testing in the CI/CD pipeline using tools like AWS Inspector, proactively addressing vulnerabilities early
• Optimize Network Performance: Applying your expertise to optimize network data flow, improve performance, and reduce latency across cloud and on-prem systems
• Collaborate Across Teams: Working closely with InfoSec, DevOps, and other teams to ensure our network infrastructure is secure, optimized, and aligned with the broader business goals

Preferred Qualifications

• Experience with other service meshes beyond Istio, such as Linkerd or Consul
• Security certifications, such as AWS Certified Security Specialty, CISSP, or CISM
• Experience with DevSecOps tooling and practices to automate security into the development lifecycle

Benefits

• Flexibility to work from home
• Stock options that ensure your share in our success
• Extra recharge days on top of your annual vacation
• Comprehensive relocation support to Estonia or Spain
• Extensive medical, dental, and vision insurance to ensure you’re feeling great physically and mentally
• Learning and Development & Health and Sports budget that you are free to tailor to your own needs
• Four weeks of fully paid sabbatical leave after reaching your 5th work anniversary