Senior DevSecOps Engineer

Summary

Join Wherobots' dynamic team as a DevSecOps or Cloud Infrastructure Engineer with a security background. You will focus on implementing and strengthening the company's security and compliance posture, defining and implementing infrastructure-as-code, and delivering a secure, reliable, and highly-available enterprise SaaS solution. You will champion security, automate security processes, secure cloud infrastructure, ensure compliance, respond to incidents, implement monitoring and logging, and stay current on security best practices. Wherobots is a 100% cloud-native company using modern tools and technologies. The role offers competitive compensation and benefits, including flexible work arrangements.

Requirements

• Strong technical background, including 5+ years of experience in a DevSecOps, cloud infrastructure, or related roles, with a focus on security automation and compliance in cloud-native SaaS environments, reducing friction, and shifting left security and compliance activities
• Proficiency in Python, Bash, Terraform, Docker, and Kubernetes
• Hands-on experience with cloud platforms such as AWS and/or Google Cloud
• Hands-on experience with SDLC and CI/CD platforms such as GitHub or GitLab
• Experience deploying and operating security tools like SAST/DAST scanners, vulnerability management solutions (e.g., Nessus, Qualys), and intrusion detection systems
• Solid understanding of networking, databases, cloud environments, Linux-based operating systems, command-line tools, modern web technologies and protocols
• Excellent problem-solving and troubleshooting skills
• Strong communication and collaboration abilities, with a proven track record of working effectively in a hybrid or distributed team environment

Responsibilities

• Champion Security: Promote a security-first mindset within the development team, advocate for secure coding practices, and guide the organization towards secure-by-design principles
• Automate Security: Design, implement, and maintain automated security tools and processes in our CI/CD pipelines. This includes static/dynamic code analysis, vulnerability scanning, and security testing
• Infrastructure Security: Harden our cloud infrastructure (AWS, GCP, or Azure) by implementing security best practices, monitoring for threats, and responding to incidents
• Compliance and Auditing: Ensure our systems and processes comply with relevant security standards and regulations. Assist with security audits and penetration testing
• Incident Response: Develop and maintain incident response plans for security incidents. Participate in incident response activities, including investigation, containment, and remediation
• Monitoring and Logging: Implement robust monitoring and logging solutions to detect and analyze security events
• Stay Current: Keep abreast of the latest security threats, vulnerabilities, and best practices

Benefits

• Competitive compensation, equity, and benefits
• Base salary range for this position is $175k-$275k per year
• Flexibility and choice in the working arrangement for most roles, including remote and/or in-office roles
• Competitive benefits package to all full-time employees, including 100% coverage of medical, dental, and vision insurance, access to a 401(k) plan with employer match, and unlimited PTO