$120k – $200k • 0.0% – 1.0%

Company Overview

You will help design, develop, and lead cross-functional efforts to secure both our infrastructure and application services. You will support documentation for compliance and contribute to procedures for system reliability and incident response. Management is optional but mentorship is key.

Job Description

As a core contributor to the DevOps team, you will help design and develop sophisticated infrastructure and tooling that is integral to the development of application services. You will be key in helping us leverage cutting-edge technologies not only for our own infrastructure but also in the design of our product offerings.

Responsibilities

- Design, document, and execute a security and compliance program for infrastructure and apps
- Deploy, configure, and monitor security tools from endpoint solutions to code testing with CI/CD
- Conduct regular security assessments of our apps and architecture through penetration tests, vulnerability scans, threat modeling, and manual inspection
- Monitor security, drive response to vulnerabilities, and coordinate with incident responders
- Advise developers on resolving security findings to drive security compliance
- Participate in SOC2, regulatory, and other compliance audits

Requirements

- BA/BS preferred in a technical or engineering field
- 3+ years of experience
- Familiarity with security considerations such as isolating environments using network configurations, RBAC, security groups, bastion hosts or Amazon WorkSpaces, firewall setups
- Experience securing AWS infrastructure using tools like Audit Manager, Inspector, CloudTrail, Security Hub, GuardDuty, CloudWatch, WAF, Shield, Secrets Manager, Cognito, KMS, and IAM for regulations such as SOX, GDPR, PCI
- Experience with code scanning procedures such as SCA, SAST, DAST, and related frameworks/tools such as OWASP, Veracode or Black Duck
- Experience with vulnerability analysis, pen testing, and patch prioritization
- Effective understanding of security best practices such as least privilege, RBAC, protocols, authentication, authorization, endpoint security, network security, logging, and observability

Preference will be given to candidates with

- Experience using pen testing tools (Kali Linux, Burp Suite, nmap, Metasploit, etc.)
- Experience with security policies for Terraform (IaC) controlling production infrastructure
- Experience training developers in various aspects of security, including secure coding, security requirements, static/dynamic security tools, etc.