We are looking for a DevSecOps Engineer to help take our Security team to the next level.  A successful candidate in this role will possess a strong technical understanding of application security/secure development concepts and have the ability to work with software and devops engineers, architects, and engineering and product managers across multiple domains to help measure, improve, and ensure the security of our software.

You Will:

• Work closely with engineers, data scientists, product owners, and members of the security team to ensure and enable secure design, development, implementation, and monitoring of web applications and APIs in accordance with information security policy and associated compliance controls
• Collaborate with engineering teams to integrate security tooling into both new and existing Avathon software build pipelines
• Engage with engineering teams to analyze, prioritize, and provide remediation guidance for security scan results
• Lead teams through threat modeling exercises
• Participate in code reviews, ensuring security best practices are in place
• Conduct technical Root Cause Analysis on vulnerabilities and helping to identify areas for further research, education or testing
• Educate and evangelizing to engineers and managers secure development best practices, common pitfalls, and the Secure Software Development Lifecycle (SSDLC) process
• Assist cross functional teams efforts to embed logging, monitoring and auditing in applications
• Manage vulnerabilities for Avathon software and working with engineering teams to identify, prioritize, and mitigate vulnerabilities

You’ll Have:

• 3+ years of experience as either an Application Security Engineer or DevSecOps Engineer
• Experience working with development teams to build secure software: threat modeling, security education, code reviews
• Strong understanding of the OWASP Top 10.
• Experience writing shell scripts and/or working with common CI/CD tools (i.e. Jenkins, Github Actions, CircleCI, etc)
• Proficiency in reading, writing, and auditing Python, Javascript, or C# and the ability to pick up new languages/technologies
• Knowledge of web service technologies and RESTful APIs
• Excellent written and verbal communication skills, interpersonal and collaborative skills
• Strong problem-solving skills and are proactive about getting things done
• An understanding of/experience with encryption technologies (SSH, SSL, TLS, etc.) and common authentication and authorization protocols (OAuth2, OIDC, RBAC, ABAC)
• A strong understanding of microservices-based architectures

It would be great if you had:

• Experience with SAST, DAST, SCA tools
• Experience with penetration testing
• Experience with container security
• Experience as a software developer
• Experience with Kubernetes

Pay Range: $110,000 - $144,000. Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.