Lead DevSecOps Engineer
Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI.
Our company culture values BOLD, GRITTY, and ACCOUNTABLE individuals who are passionate about driving sustained business success through efficient IT management and security.
Key Responsibilities:
* Define Security Standards: Develop and enforce security best practices, guidelines, and frameworks to be used throughout the DevOps pipeline.
* Secure Development Lifecycle (SDLC): Ensure security principles are integrated into each phase of the SDLC, from design to deployment, through security tools, code reviews, and best practices.
* Threat Modeling and Risk Assessment: Identify potential threats to applications and infrastructure, evaluating the likelihood and impact of these risks, and working with teams to mitigate them early in development.
* CI/CD Pipeline Security: Integrate security testing (such as SAST, DAST, and vulnerability scanning) into CI/CD pipelines to automate security checks and detect vulnerabilities in real time.
* Infrastructure as Code (IaC) Security: Implement security measures in IaC, ensuring secure configurations of cloud infrastructure and monitoring for drift from these configurations.
* Automated Compliance: Develop automation scripts for continuous compliance checks, ensuring regulatory requirements (like GDPR, HIPAA, or PCI-DSS) are consistently met.
* Educate and Train: Conduct security awareness and training sessions for developers, operations, and product teams to foster a security-first culture.
* Stakeholder Collaboration: Work closely with other engineering, product, and business teams to align security with organizational goals without compromising agility.
* Mentorship and Leadership: Mentor junior security and DevOps engineers, guiding them in implementing secure coding practices, CI/CD security, and other DevSecOps practices.
* Evaluate and Implement Security Tools: Research, assess, and implement the right security tools for code scanning, monitoring, vulnerability assessment, and infrastructure security.
* Optimize DevSecOps Toolchain: Ensure the toolchain is optimized for performance, security, and scalability while maintaining compatibility with existing development and operational workflows.
* Configuration Management and Version Control: Manage secure configuration and version control for systems, ensuring compliance and minimizing the risk of misconfigurations.
Skills & Experience Required:
* Technical Expertise: Proficient in DevSecOps practices, with expertise in Linux, Kubernetes, Docker, Jenkins, and cloud platforms (AWS, Azure).
* Coding & Scripting: Advanced skills in Python, Bash, and infrastructure-as-code (e.g., Terraform).
* Security Tools: Experience with vulnerability scanners (e.g., Snyk, WIZ, GitHub advance security…) and SIEM solutions.
* Communication: Skilled at cross-functional communication with DevOps, IT, and Security teams.
Requirements:
* Prior experience: As a DevSecOps Engineer.
* Working understanding: Of modern security vulnerabilities and best practices in the SDLC.
* Strong understanding: Of Linux and Windows Operating Systems.
* Experience scripting: And automating mechanisms in the SDLC.
* Working experience: In enterprise environments.
* Experience on implementing: Security mechanisms in complex environments.
* Strong written and verbal communication skills: With a passion for documentation.
* Works effectively under pressure: In a fast-paced, dynamic environment.
* Strong work ethic: And an insatiable desire to learn.
* Thrives in a team-based environment: Leaving ego at the door.
* Continuously strives: For the betterment of engineering at Kaseya.
* Develop and enforce: Security standard methodologies, processes, and tools.
* Be the bridge: Between DevSecOps Engineers, Software and Systems engineering.
* Identify trends: In need of a larger solution, beyond the scope of the immediate problem.
* Champion best: Security practices within the organization.
* Solve complex and challenging problems: With simple, maintainable, and scalable solutions.