At SimpliSafe we design, develop, manufacture, and sell our own line of wireless home security systems: home sensors, cameras, and locks. Our technology and service platform secures the homes of millions of Americans without the hassles, contracts, or fees of traditional home security. Protecting the families of our customers is a tremendous responsibility, so we need a Senior DevSecOps Engineer to help build, develop, and drive our security program. With each release, we have new and complex problems to unravel.
As a Senior DevSecOps Engineer, you will partner with the larger engineering organization to design, implement, and configure real-time security controls to protect physical and information assets. You will deepen your knowledge of application security concepts as you perform thorough data sanitization or learn the internals of AES encryption. With our strong security-conscious culture, you will frequently face captivating security challenges that will require you to balance the practical needs of the business with strong security controls.
Do you want to focus on value-generating projects to help secure a rapidly growing business with ambitious goals? Are you excited to flex your interpersonal skills to collaborate with teams and communicate to the wider organization? Can you test a software application, find and reproduce its vulnerabilities, and teach members of the engineering organization how to patch them? If you answered yes to these questions, then please apply.
Strong candidates will have experience in governance, risk, and compliance strategies, but will have a preference toward the technical details. They will be comfortable with at least one scripting language and have proficiency in cloud infrastructure management on platforms such as Google Cloud or AWS.
- Deploy and manage security tools to cloud infrastructure platforms such as Google Cloud or AWS
- Complement compliance team efforts with technical feedback and support
- Operate in a security architect and/or evangelist capacity to inform network, host-level, IoT, mobile, and application development strategies
- Design and implement technical security measures to support policies and prove compliance
- Collect security-related metrics and increase security visibility across the organization
- Guide “shift-left” paradigm adoption by strategically introducing security testing mechanisms into our CI/CD pipelines (SAST, DAST, RASP, and/or IAST)
- Establish an SDLC/OSS compliance system based on automated scanning and categorization
- Identify appropriate IPS/IDS tooling and install/configure accordingly
- Assist in the mitigation of DDoS, brute-force, or MitM attack vectors
- Detect and lead remediation of XSS/CSRF/SQLi vulnerabilities
- Standardize compliance-related logging using a SIEM or other mechanism
- Teach and share knowledge of the OWASP Top 10 and/or SANS Top 25
- Contribute to IdP/SSO/endpoint management efforts
- Track latest security trends in MacBook, Chromebook, and/or Linux hosts
- Eager to engage in a role that demands software engineering skills and the ability to consistently execute on solutions
- Love building relationships with teammates across multiple functional business units
- No shortage of incident response war stories to share; even better if they include executive-level engagement
- Always vigilantly consider impact to business operations when identifying and implementing new security processes
- Willingly navigate ambiguity with humility, understanding, and a growth mindset
- You have several years of experience with at least one scripting language and feel at home operating a terminal emulator
- You have firsthand experience deploying web services to AWS (or other cloud service provider)
- Bonus points for working knowledge of Node.js, Python, MySQL, Mongo, Ansible, Docker, Route53, ECS, and/or Lambda
- Background in PCI and/or GDPR compliance is a plus
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.