Senior Devsecops Engineer

Senior DevSecOps Engineer

Department:
Engineering

Employment Type:
Full Time

Location:
Sydney

Compensation:
$180,000 - $200,000 / year

Description The DevSecOps Engineer will work closely with our product teams to ensure the code and infrastructure we build is secure before we launch and is maintained in a secure state. We are looking for someone with a strong startup mindset, knowing how to achieve the optimal time to impact.
You could come from a strong DevOps background with a strong interest in Security or a Security Engineer who likes to get involved in DevOps too. We have hybrid working with most people doing 1-2 days a week in the office, which is a short walk from Central Station in Sydney.
The role Working as part of a small Enablement squad, you will be our first dedicated DevOps or Security Engineer with work in those areas to date done by our Principal Software Engineers.
This means you'll have a lot of opportunity and scope to build ground up best practices, making and implementing technical decisions.

Role Responsibilities:

• Secure adoption and integration of cloud-based services using tools like Pulumi and GCP
• Reduce existing technical debt from security issues and improving existing platforms
• Assess current practices and tools and strengthening security within a DevOps framework
• Migrate from BuildKite to GitHub Actions
• Development and maintenance of security tools within build pipelines
• As part of Enablement engineering, work with Software Engineers to assist in identifying and solving security issues and vulnerabilities in code and infrastructure
• Reviewing system design and assisting in threat modelling
• Educating software engineers in secure coding practices

What we are looking for The key criteria we are looking for is Senior level experience in DevOps and Security, ideally in similar startup environments where you've had to put practises in place from the early stages and work in smaller teams in broader roles. If you've always been one of many Engineers in siloed teams in bigger/slower companies, we might not be what you're looking for.
We know the titles vary in this space, so maybe you have been a DevSecOps Engineer, Platform Engineer, SRE or Security Engineer. As long as you have Devops + Security and 5 + years, we're not worried about the titles.
The longer list of skills and experience we're ideally looking for:

Someone experienced in:

• The secure adoption and integration of cloud products and services such as Google Cloud Platform using secure by design and security as code frameworks
• Embedding and maturing security products, services, and practices within internal technology platforms, an agile framework and DevOps culture
• Designing, coding, automating and orchestrating cloud security and DevOps tools
• Developing threat models and security user stories
• Working as a security subject matter expert alongside developers
• Developing security design patterns and deployment/build guides for developers that align to SOC2 and similar frameworks
• Encouraging and evangelising a 'security is everyone's responsibility' culture within engineering teams