Overview
The goal of a DevSecOps Engineer is to proactively identify and help mitigate technical risk in all software pipelines within BitMEX.
They will achieve this through a strong partnership with DevOps, combining security gate implementation and management, security control administration and overall reporting, while working closely with the Detection & Response, AppSec and Infrastructure Security teams.
Responsibilities
- Design and implement secure automation solutions for development, testing, and production environments
- Collaborate with Product Management and Architects to contribute to the roadmaps of CI/CD Pipeline
- Implement security controls, best practices and configuration management
- Hands-on contributor and code reviewer on DevSecOps related projects
- Employ infrastructure as code paradigm to increase automation, scalability, and reliability
- Perform technology watch related to industry trends and best practices
- Maintains extensive knowledge of state-of-the-art principles, theories, and practices around all things software-related. Identifies and recommends long-term technologies of relevant company interest and proposes long-term development strategy on cutting-edge trends and developments in area of expertise
Qualifications
- 10+ years of security industry experience, with minimum 2 years in a DevSecOps role
- Experience building tools for Continuous Integration and Continuous Deployment systems. Familiarity with DevSecOps principles for integrating security solutions in products like Jenkins, Helm, ArgoCD
- Proven experience and understanding of security principles across infrastructure platforms, data layers, integration points, and application layers
- Demonstrated experience architecting and developing security solutions during the secure software development lifecycle program or secure lifecycle improvement efforts and managing large scale projects to completion
- Adapt to evolving security and business priorities quickly and effectively. Loves new technological challenges and excels at solving them
- Modern infrastructure and application development experience using public cloud primitives. You should be familiar with Kubernetes, serverless architecture and Infrastructure as Code tools like Terraform, Ansible, Chef
- Knowledge of Kubernetes DNS and how it interacts with external DNS servers
- End to end troubleshooting experience
Good to have
- Common security certifications such as GSEC, CEH, CISSP, CCSP, or CCSK
- Good understanding of Public Key Infrastructure (PKI)
- Technical understanding of identity management implementations like MFA, 2SV, SAML, OAuth
- Experience with Prometheus/Thanos, Graphite, Fluentd
- Experience with data templating languages like Jsonnet or related is a plus