DevSecOps Engineer

Description

Our Company:

At red violet, we build proprietary technologies and apply analytical capabilities to deliver identity intelligence. Our technology powers critical solutions, which empower organizations to operate with confidence. Our solutions enable the real-time identification and location of people, businesses, assets and their interrelationships. These solutions are used for purposes including risk mitigation, due diligence, fraud detection and prevention, regulatory compliance, and customer acquisition. Our intelligent platform, CORE™, is purpose-built for the enterprise, yet flexible enough for organizations of all sizes, bringing clarity to massive datasets by transforming data into intelligence. Our solutions are used today to enable frictionless commerce, to ensure safety, and to reduce fraud and the concomitant expense borne by society.  

The Role:

The DevSecOps Engineer integrates security into the software development lifecycle, ensuring data availability, integrity, authentication, confidentiality, and non-repudiation. Collaborating with development, operations, infrastructure, and security teams, this role implements automated security measures and monitors systems to comply with established standards and regulatory requirements.

What You Will Do:

• Embed security practices and tools into the software development lifecycle to ensure security is prioritized from the outset.
• Design and manage secure cloud infrastructures, ensuring compliance with best practices and organizational policies.
• Recognize and address information security-related issues by identifying abnormalities and promptly reporting violations to stakeholders.
• Spot and execute new security technologies and best practices into the company’s cloud infrastructure.
• Implement and evaluate emerging security technologies and best practices to strengthen cloud infrastructure.
• Assists in compliance-related activities associated with relevant organizational compliance requirements, such as PCI DSS, SOC2, and SOX.
• Assist the stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses and vulnerabilities.
• Recommend the application of fixes, patches, and recovery procedures in the event of a security incident.
• Maintain security servers and proprietary software used for securing applications, networks and VPCs.
• Partner with cross-functional teams to integrate secure CI/CD practices, fostering a "security-first" automation mindset.
• Support security incident response and investigations, collaborating across teams to enhance the company's security posture.

What You Bring:

• Bachelor of Science in Computer Science, Information Technology, Information Security, or related field.
• Proven experience in integrating security into DevOps practices, with a focus on automation and continuous delivery.
• Strong understanding of security concepts, including threat modeling, risk assessment, and vulnerability management.
• Proficiency in automation tools and scripting languages like Python and PowerShell.
• Knowledge of Infrastructure as Code (IaC) tools.
• Experience with cloud platforms including cloud security principles.
• Familiarity with containerization and orchestration tools like Docker and Kubernetes.
• Strong analytical and problem-solving abilities.
• Excellent communication and collaboration skills to work effectively with cross-functional teams. 
• Commitment to continuous learning and staying updated with emerging security trends and technologies. Demonstrable experience implementing and administrating information security processes, systems, and controls.
• Working knowledge with common network infrastructure and devices, such as firewalls, IDS/IPS, routers, and switches.
• Familiarity with established information security standards and frameworks, such as NIST 800-53, PCI, and SOC2.
• Cloud-based certifications, such as AWS Certified Security – Specialty.
• Security-focused certifications, including CISSP, CISM, CompTIA Security+, GSEC, GCSA, or Certified DevSecOps Professional.
• Experience with AWS Identity and Access Management (IAM) and related security services.

What We Offer:

red violet offers excellent benefits including opportunity for stock (RSU) grants, a 401K and generous company match, flexible PTO policy, medical, dental and vision coverage, commuter benefits, in-office healthy snacks, team events and more.

red violet is proud to be an Equal Opportunity Employer.