Who we are

DoubleVerify (NYSE: DV) is the leading independent provider of marketing measurement software, data, and analytics that authenticates the quality and effectiveness of digital media for the world's largest brands and media platforms. DV provides media transparency and accountability to deliver the highest level of impression quality for maximum advertising performance. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.

 

Job Overview: 

The Sr. DevSecOps Engineer will be responsible for delivering the global application security program within the CISO/Information Security team.

The Sr. Application Security Engineer will lead and provide updated guidance and hands-on support to DoubleVerify’s development and software/engineering teams on the current secure SDLC and software development security standards.

The individual will also lead the testing of the security controls of DoubleVerify’s applications and implementation of architecture and operational projects to improve DoubleVerify’s hybrid, application security posture. 

The Sr. DevSecOps Engineer will be also responsible for integrating security automation into DevOps processes, enhance DoubleVerify’s cloud security posture, and will lead the secure development training program. 

Additionally, the position will support the broader information security team (Governance Risk and Compliance, Security Operations, and IT Security). 

 

Responsibilities and Duties:

  • Implement Application Security/DevSecOps across DV which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures
  • Promote DevSecOps culture and train development and DevOps teams secure development and secure SDLC
  • Mastering subject matter expertise for enterprise customers within DV’s web application security program 
  • Drive adoption of DevSecOps tools and practices including application security testing including automating security (within hybrid technology environment) 
  • Be engaged in all aspects of DevSecOps implementation and enhance security throughout
  • Ability to apply security knowledge and experience in a DevOps development lifecycle
  • Development and implementation of cloud security, container security and infrastructure as code security concepts, principles, and best practices
  • Enhance DV’s cloud security posture and application attack surface management by advising and assist implementing cloud security with DevOps and CloudOps personnel
  • Supporting the creation and curating application security reports and metrics to DV stakeholders 
  • Deliver secure training to DV’s global software developers/engineers
  • Execute, liaise, and report on penetration testing results to DV application and infrastructure stakeholders 
  • Ability to perform technical integrations with SIEM tools
  • Support Information Security department leads including but not limited to Governance Risk and Compliance (GRC), Security Operations (Incident Response, Monitoring etc.), and IT Security (TVM, additional security tools etc.) 
  • Assist in Merger & Acquisition (M&A) security-related activities 

Qualifications:

  • 5+ years’ experience in application security including proficiency in AppSec concepts such as those in OWASP top 10, secure SDLC, agile methodologies and transformations etc. 
  • 3+ years’ experience in one or more security testing tools, including Static Analysis, Software Composition Analysis and/or Dynamic Analysis (e.g. Veracode, Checkmarx, Snyk, NetSparker, Acunetix, Qualys WAS etc.) 
  • Experience with hands-on development as a software engineer/developer
  • Knowledge in CI/CD, securing the pipeline, best practices and tools (i.e. Gitlab/GitOps, TeamCity, Ansible) 
  • Great understanding of GCP or AWS security and DevSecOps
  • Understanding of one or more of the following languages: Python, Scala, Java, .Net, C#, JavaScript, TypeScript, SQL
  • Familiarity with infrastructure as code security
  • Familiarity with container security
  • Experience performing assessments against applications and their underlying infrastructure, configuration, and deployment strategy
  • Good leadership, communication (written and oral) and interpersonal skills 
  • Understanding of data security and experience handling PII
  • Bachelor’s Degree or higher in Computer Science or related field (Engineering, Computer Science, Mathematics Information Systems, etc) or equivalent technical experience
  • Good to have but not necessary industry recognized certification in security (e.g., CISSP, CISM, CEH, OSCP, OSWA, GWAPT, GPEN, GCSA, GCLD, CCSK, CCSP, etc.) 

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in DoubleVerify’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.