Staff DevOps Engineer - Security

Summary

Join our team as a Staff DevOps Engineer - Security and help us achieve our goal of zero security incidents by developing and implementing security improvements and safeguards.

Requirements

• Strong knowledge and 5+ years’ experience in Computer Science, Information Security, or related field (or equivalent work experience)
• TCP/IP and other network protocols
• Computer systems and their security functions including authentication, access control, and auditing
• Securing Windows and Linux-based environments
• CI/CD pipelines using GitHub
• AWS Containerization like Fargate
• Entry point tools and applications such as firewalls, WAF, CDN, APIs
• Endpoint solutions such as Anti-virus software
• In depth knowledge of AWS environments and their security services
• Scripting with Powershell, Bash, AWS CLI
• Managing Security tools: such as MFA, SIEM
• Strong understanding of Security frameworks such as NIST, ISO
• Strong understanding of application security
• Ability to work independently

Responsibilities

• Incorporate A Place for Mom Values into each customer and co-worker interaction
• Perform configuration, network, and application technical vulnerability assessments, identify vulnerabilities, validate their relevance, and work with teams to remediate them
• Design and implement security solutions across infrastructure and applications to ensure 'secure by default' principles are followed
• Monitor, analyze, and respond to alerts from automated logging and monitoring tools
• Respond to security related requests, events, and incidents; perform triaging and investigation as needed; and provide the fixes as appropriate
• Analyze security threats, vulnerability assessments, and audit results to identify the root cause and recommend or implement security solutions that enable business objectives
• Lead the development and enforcement of security standards, policies, and procedures
• Collaborate with other teams to support response efforts to security-related findings or concerns and drive to resolution
• Analyze mean time to remediation, incident response times, and other security metrics and provide assessment reports
• Develop and maintain automated security testing and scanning tools
• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions and improved security processes
• Evangelize a culture of security to the rest of the company through education, support, and empathy
• Stay up-to-date on the latest security threats, vulnerabilities, and trends

Benefits

• 401(k) plus match
• Dental insurance
• Health insurance
• Vision Insurance
• Paid Time Off