As our security professional, you should be providing tooling, processes, and guidance to help product managers, developers, and operations follow good security practices when designing a new system.
We're looking for someone who doesn't do security but enables security throughout our whole pipeline.
We feel as if security is undergoing the same type of revolution operations did back in 2009 with DevOps (agile systems administration). We're looking for someone who understands that security is not gatekeeping but enabling.
Responsibilities
- Tightly integrate security tools and processes throughout the DevOps pipeline.
- Establish policies and procedures that help the organization keep up with the pace of application development while staying secure and compliant.
- Automate core security tasks by embedding security controls early on in the software development lifecycle.
- Continuously monitor and remediate security defects across the application lifecycle, including development and maintenance.
- Be the security advisor for product managers, development and system operations.
- Help us set up processes to wade through security questionnaires and certifications.
Requirements
- Previous experience in an infosec role
- You're able to work independently
- You properly document things
- Experience with Web technologies
- You have experience with a couple of the following security technologies: Gauntlt, BDD-Security, Snyk, InSpec, Brakeman, ZAP, OSQuery, Trufflehog, Dependency-Check, Error-Prone
- Experience with any of the following is a plus: GitLab-CI, Chef, Ruby, Docker, Kubernetes, Terraform, Penetration testing, Incident Response
Our offer
- a competitive salary
- we facilitate remote work
- the opportunity to ride the wave of (and grow with) a fast-evolving scale-up
At Silverfin, we celebrate and support our differences. We know that having a team rich in diverse thoughts, experiences, and opinions allows our employees and our services to flourish.