Xometry is hiring a
Senior DevSecOps Engineer

Summary

Xometry is seeking a senior-level cybersecurity professional with experience in DevSecOps, network security, or security architecture. The role involves integrating security into the CI/CD pipeline, designing and maintaining security automation tools, developing and enforcing security policies, performing regular security assessments, managing infrastructure as code, automating security tasks, staying updated with security trends, and participating in incident response. The candidate must have a minimum of 5+ years of experience in DevSecOps or related fields, proficiency with AWS or GCP/Azure, CI/CD tools, Kubernetes, IaC tools, Python and shell scripting, and strong communication skills.

Requirements

• Minimum of 5+ years of experience in DevSecOps, DevOps, or a related field, with a strong focus on security
• Experience with AWS or deep fluency in one of GCP or Azure, with a strong desire to expand knowledge into AWS
• Proficiency with CI/CD tools such as Github Actions, Jenkins, GitLab CI, or CircleCI, and experience in integrating security tools into these pipelines
• Hands-on experience with Kubernetes, including securing and managing clusters in production environments
• Proficiency with infrastructure as code (IaC) tools such as Terraform, OpenTofu, or CloudFormation
• Strong programming skills in Python and shell scripting for automation and security tasks
• Knowledge of security best practices, including secure coding, encryption, authentication, and access control
• Excellent problem-solving skills, with the ability to troubleshoot complex security issues
• Strong communication skills, with the ability to convey technical security information to non-technical stakeholders
• Must be a US Citizen or legal permanent resident (Xometry handles ITAR data)

Responsibilities

• Collaborate with development, operations, and security teams to integrate security into the CI/CD pipeline
• Design, implement, and maintain security automation tools and processes to identify, manage, and remediate vulnerabilities in the development and production environments
• Develop and enforce security policies, standards, and best practices for cloud-based and on-premises infrastructure
• Monitor and analyze security vulnerabilities and incidents, providing timely and effective remediation
• Perform regular security assessments, including code reviews, vulnerability scans, and penetration tests, to ensure the security of applications and infrastructure
• Implement and manage security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection
• Work with development teams to ensure secure coding practices and compliance with security standards
• Lead efforts to secure Kubernetes clusters and containerized environments
• Manage infrastructure as code (IaC) using tools like Terraform, OpenTofu, or CloudFormation to ensure secure and scalable deployments
• Automate security tasks and processes using Python and shell scripting
• Stay up-to-date with the latest security threats, technologies, and industry trends, and apply this knowledge to enhance the security posture of the organization
• Participate in incident response and disaster recovery planning and execution

Preferred Qualifications

• Experience in security architecture and designing secure systems
• Knowledge of JavaScript and securing JavaScript-based applications
• Relevant certifications such as CISSP, Security+, or AWS Certified Security – Specialty
• Experience with automating security in a microservices architecture

Benefits

• Xometry believes in diversity, equity, inclusion and belonging. They are committed to welcoming, respecting, and valuing people for who they are as individuals, learning from their differences, embracing their uniqueness, and providing a positive workplace for all
• Xometry is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status