Senior DevSecOps Engineer
Remote
CrossFit
CrossFit offers a results-based, community-driven approach that helps you build fitness and improve your health—over your lifetime.
CrossFit is looking to hire a highly skilled and experienced Senior DevSecOps Engineer to join our team remotely. This role is integral to ensuring the security, efficiency, and reliability of our cloud infrastructure. The ideal candidate will have extensive experience with AWS cloud services, Terraform for Infrastructure as Code, and Python for automation and software development. As a senior member of our team, you will be expected to lead initiatives and drive the implementation of secure development practices across the organization.
RESPONSIBILITIES:● Infrastructure Security:○ Design, implement, and maintain secure AWS cloud infrastructure.○ Ensure the security of cloud resources through automated security controls, continuous monitoring, and threat detection.○ Lead the development of security policies, procedures, and practices for cloud infrastructure.● Automation and Development:○ Develop and maintain automation scripts and tools using Python to streamline security processes and improve efficiency.○ Collaborate with software development teams to integrate security into the CI/CD pipeline, ensuring secure code deployment.○ Implement and maintain infrastructure as code (IaC) practices, ensuring consistency and compliance across environments.● Leadership and Collaboration:○ Work closely with cross-functional teams, including development, operations, and security, to ensure alignment on security objectives.○ Lead incident response efforts for security breaches, including investigation, mitigation, and post-incident analysis.● Continuous Improvement:○ Stay up-to-date with the latest security threats, technologies, and best practices, and implement improvements where necessary.○ Conduct regular security assessments, audits, and penetration tests to identify and address vulnerabilities.○ Drive the adoption of new security tools and technologies that enhance our security posture.
KNOWLEDGE AND SKILLS:● Extensive experience with AWS services, including IAM, VPC, ECS, RDS, Lambda, WAF, Cloud Firewall, and others.● Proficiency with Terraform and Terragrunt for infrastructure as code.● Strong Python programming skills, with experience in automating security and devops processes and developing security tools.● Security Skills: Knowledge of security best practices, threat modeling, security testing, and vulnerability management● Incident Response: Ability to handle and respond to security incidents and breaches.● Monitoring and Logging: Skills in using monitoring tools like DataDog, Prometheus, Grafana, ELK Stack or Splunk.● Networking Fundamentals: Understanding of network protocols (e.g., TCP/IP, DNS, SMTP, HTTP/HTTPS) and network architecture.● Firewalls and Security Devices: Proficiency with firewall management (both traditional and next-generation) and other security devices like IDS/IPS, VPNs, and DLP systems.● Intrusion Detection and Prevention: Ability to configure and manage intrusion detection systems (IDS) and intrusion prevention systems (IPS).● Network Monitoring and Traffic Analysis: Experience with tools such as Wireshark, Nagios, or SolarWinds for monitoring network traffic and performance.● Security Information and Event Management (SIEM): Proficiency in using SIEM platforms like Splunk, IBM QRadar, or LogRhythm to analyze security alerts and logs.● Experience with CI/CD pipelines and integrating security tools into the development process.● Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.● Strong communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.Preferred Qualifications:● Relevant certifications such as AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), or similar.● Knowledge of containerization and orchestration tools (e.g., Docker, Kubernetes) and their security implications.● Familiarity with DevOps tools such as GitHub Actions, Jenkins, or similar.
EDUCATION/EXPERIENCE:● Bachelor’s degree in Computer Science, Information Security, or a related field; or equivalent experience.● 5+ years of experience in a DevSecOps or related role, with a focus on cloud security.
WHAT WE OFFER:● Rich Medical, Dental, and Vision plans● Discretionary Paid Time Off – empowering you to unplug whenever and however you need to● Flexible spending account and 401(k) with employer matching - vested on day one● CrossFit Gym Membership Reimbursement● CrossFit Courses Benefit● Partnership Perks
RESPONSIBILITIES:● Infrastructure Security:○ Design, implement, and maintain secure AWS cloud infrastructure.○ Ensure the security of cloud resources through automated security controls, continuous monitoring, and threat detection.○ Lead the development of security policies, procedures, and practices for cloud infrastructure.● Automation and Development:○ Develop and maintain automation scripts and tools using Python to streamline security processes and improve efficiency.○ Collaborate with software development teams to integrate security into the CI/CD pipeline, ensuring secure code deployment.○ Implement and maintain infrastructure as code (IaC) practices, ensuring consistency and compliance across environments.● Leadership and Collaboration:○ Work closely with cross-functional teams, including development, operations, and security, to ensure alignment on security objectives.○ Lead incident response efforts for security breaches, including investigation, mitigation, and post-incident analysis.● Continuous Improvement:○ Stay up-to-date with the latest security threats, technologies, and best practices, and implement improvements where necessary.○ Conduct regular security assessments, audits, and penetration tests to identify and address vulnerabilities.○ Drive the adoption of new security tools and technologies that enhance our security posture.
KNOWLEDGE AND SKILLS:● Extensive experience with AWS services, including IAM, VPC, ECS, RDS, Lambda, WAF, Cloud Firewall, and others.● Proficiency with Terraform and Terragrunt for infrastructure as code.● Strong Python programming skills, with experience in automating security and devops processes and developing security tools.● Security Skills: Knowledge of security best practices, threat modeling, security testing, and vulnerability management● Incident Response: Ability to handle and respond to security incidents and breaches.● Monitoring and Logging: Skills in using monitoring tools like DataDog, Prometheus, Grafana, ELK Stack or Splunk.● Networking Fundamentals: Understanding of network protocols (e.g., TCP/IP, DNS, SMTP, HTTP/HTTPS) and network architecture.● Firewalls and Security Devices: Proficiency with firewall management (both traditional and next-generation) and other security devices like IDS/IPS, VPNs, and DLP systems.● Intrusion Detection and Prevention: Ability to configure and manage intrusion detection systems (IDS) and intrusion prevention systems (IPS).● Network Monitoring and Traffic Analysis: Experience with tools such as Wireshark, Nagios, or SolarWinds for monitoring network traffic and performance.● Security Information and Event Management (SIEM): Proficiency in using SIEM platforms like Splunk, IBM QRadar, or LogRhythm to analyze security alerts and logs.● Experience with CI/CD pipelines and integrating security tools into the development process.● Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.● Strong communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.Preferred Qualifications:● Relevant certifications such as AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), or similar.● Knowledge of containerization and orchestration tools (e.g., Docker, Kubernetes) and their security implications.● Familiarity with DevOps tools such as GitHub Actions, Jenkins, or similar.
EDUCATION/EXPERIENCE:● Bachelor’s degree in Computer Science, Information Security, or a related field; or equivalent experience.● 5+ years of experience in a DevSecOps or related role, with a focus on cloud security.
WHAT WE OFFER:● Rich Medical, Dental, and Vision plans● Discretionary Paid Time Off – empowering you to unplug whenever and however you need to● Flexible spending account and 401(k) with employer matching - vested on day one● CrossFit Gym Membership Reimbursement● CrossFit Courses Benefit● Partnership Perks
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
19
6
0
Categories:
DevSecOps Jobs
Security Engineering Jobs
Tags: Audits Automation AWS CI/CD CISSP Cloud Compliance Computer Science DevOps DevSecOps DNS Docker ELK Firewalls GitHub Grafana IAM IDS Incident response Intrusion detection Intrusion prevention IPS Jenkins Kubernetes Lambda LogRhythm Monitoring Nagios Prometheus Python QRadar Security assessment SIEM SMTP Splunk TCP/IP Terraform Threat detection VPN Vulnerabilities Vulnerability management
Perks/benefits: Career development Fitness / gym Flexible spending account Flex vacation Health care
Region:
Remote/Anywhere
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsPenetration Tester jobsSenior Cybersecurity Engineer jobsSenior Cyber Security Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Network Security Engineer jobsInformation System Security Officer jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsCybersecurity Consultant jobsSenior Information Security Engineer jobsInformation System Security Officer (ISSO) jobsThreat Intelligence Analyst jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsFinance jobsDoDD 8570 jobsTerraform jobsBash jobsITIL jobsOWASP jobsCRISC jobsUNIX jobsGIAC jobsCompTIA jobsDocker jobsIntrusion detection jobs
TCP/IP jobsBanking jobsSANS jobsThreat detection jobsData Analytics jobsActive Directory jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsVPN jobsCyber defense jobsIT infrastructure jobsSOC 2 jobsAnsible jobsJavaScript jobsSOX jobsDNS jobsSOAR jobsJira jobsGCIH jobsSecurity strategy jobsOracle jobsNIST 800-53 jobsCryptography jobs