Responsibilities
- Work closely with leadership, product management, and our Engineering and Operations teams to design and implement security-focused capabilities across the SDLC using Shift-Left-On-Security principles.
- Partner with InfoSec, Technical Operations, and Platform Engineering teams to ensure CI/CD frameworks, infrastructure, and automation tooling are secure by design, resilient, and capable of protecting our customers at scale.
- Security Automation & CI/CD: Embed, maintain, and optimize automated security testing (SAST, DAST, SCA) directly into GitLab CI/CD pipelines.
- Vulnerability & Patch Management: Perform platform security assessments, verify reported exploits, and support vulnerability remediation activities.
- Security Compliance: Participate in security audits, provide actionable feedback, and coordinate with engineering teams to meet compliance timelines and regulatory standards.
- Penetration Testing Enablement: Provision and configure isolated test environments, deploy target application builds, and coordinate secure access requirements for penetration testing activities.
- Security Operations & Incident Response: Collaborate with cross-functional teams to evaluate security releases, generate compliance reports, and support security monitoring/observability using Grafana, New Relic, or OpenTelemetry.
- Security Advocacy: Conduct internal software security training and advocate for secure coding standards and DevSecOps best practices across engineering teams.
- Threat Modeling & Risk Mitigation: Conduct threat modeling exercises for new features and infrastructure changes to identify vulnerabilities before code hits production.
Requirements
- Hands-on experience implementing Shift-Left-On-Security frameworks within the SDLC.
- Practical knowledge of application security testing methodologies, specifically SAST, DAST, SCA, and OSS management.
- Experience conducting Threat Modeling exercises and performing secure code reviews.
- Awareness of penetration testing (black-box, white-box) methods.
- Proven experience in DevOps practices utilizing cloud technologies (AWS preferred; Azure, GCP).
- Good understanding of the Software Development Lifecycle (SDLC), its phases, and how to embed security in each of them.
- Experience with version control tools and CI/CD (Git/GitLab), including branching and pipeline development.
- Knowledge of containerization and orchestration using Docker and Kubernetes.
- Linux system administration skills, including networking, access management, and basic troubleshooting.
- Expertise in a scripting language (e.g., Python, Bash).
- Demonstrated effective communication and collaboration across Engineering, Security, SRE, and cross-functional teams to support delivery and operational objectives.
- Experience managing priorities, handling operational pressure, escalating risks or blockers when needed, and identifying and supporting continuous improvement initiatives.
- Demonstrated analytical thinking and problem-solving skills to troubleshoot operational, infrastructure, and security-related issues in a structured manner.
- Strong attention to detail and a security-first mindset when working with CI/CD pipelines, infrastructure, automation, and cloud environments.
- Continuous learning mindset with a willingness to share knowledge, contribute to documentation, and support team growth.
Nice to Have
- Knowledge of compliance and auditing standards (ISO 27001/27002, NIST 800-53, PCI DSS, CIS Controls) or active SecOps experience.
- Exposure to Infrastructure as Code (IaC), specifically Terraform.
Benefits
- A role in shaping the future of protecting the most critical applications that run the world's business and a career that grows as the company grows.
- A unique culture of high achievement and teamwork.
- Supportive and humble colleagues who are the space's top problem solvers and innovators.
- Financial security through competitive compensation and incentives.