Kaseya is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya's best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide.
Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. We have achieved record levels of success being BOLD, being GRITTY, being ACCOUNTABLE. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers, and the betterment of their careers and long-term financial wealth.
WHAT YOU'LL DO:
As a cutting-edge technology company, we are searching for a talented Lead DevSecOps Engineer to join our exceptional team. You will be responsible for planning, coordinating, and executing initiatives that improve the security posture of Kaseya, executing DevSecOps activities, promoting a cybersecurity culture, and mentoring cybersecurity engineers.
Key Responsibilities
1. Define Security Standards: Develop and enforce security best practices, guidelines, and frameworks to be used throughout the DevOps pipeline.
2. Secure Development Lifecycle (SDLC): Ensure security principles are integrated into each phase of the SDLC, from design to deployment, through security tools, code reviews, and best practices.
3. Threat Modeling and Risk Assessment: Identify potential threats to applications and infrastructure, evaluating the likelihood and impact of these risks, and working with teams to mitigate them early in development.
4. CI/CD Pipeline Security: Integrate security testing (such as SAST, DAST, and vulnerability scanning) into CI/CD pipelines to automate security checks and detect vulnerabilities in real time.
5. Infrastructure as Code (IaC) Security: Implement security measures in IaC, ensuring secure configurations of cloud infrastructure and monitoring for drift from these configurations.
6. Automated Compliance: Develop automation scripts for continuous compliance checks, ensuring regulatory requirements (like GDPR, HIPAA, or PCI-DSS) are consistently met.
7. Educate and Train: Conduct security awareness and training sessions for developers, operations, and product teams to foster a security-first culture.
8. Stakeholder Collaboration: Work closely with other engineering, product, and business teams to align security with organizational goals without compromising agility.
9. Mentorship and Leadership: Mentor junior security and DevOps engineers, guiding them in implementing secure coding practices, CI/CD security, and other DevSecOps practices.
10. Evaluate and Implement Security Tools: Research, assess, and implement the right security tools for code scanning, monitoring, vulnerability assessment, and infrastructure security.
11. Optimize DevSecOps Toolchain: Ensure the toolchain is optimized for performance, security, and scalability while maintaining compatibility with existing development and operational workflows.
12. Configuration Management and Version Control: Manage secure configuration and version control for systems, ensuring compliance and minimizing the risk of misconfigurations.
Skills & Experience Required
1. Technical Expertise: Proficient in DevSecOps practices, with expertise in Linux, Kubernetes, Docker, Jenkins, and cloud platforms (AWS, Azure).
2. Coding & Scripting: Advanced skills in Python, Bash, and infrastructure-as-code (e.g., Terraform).
3. Security Tools: Experience with vulnerability scanners (e.g., Snyk, WIZ, GitHub advance security...) and SIEM solutions.
4. Communication: Skilled at cross-functional communication with DevOps, IT, and Security teams.
WHAT YOU'LL BRING:
1. Prior experience as DevSecOps Engineer.
2. Working understanding of modern security vulnerabilities and best practices in the SDLC.
3. Strong understanding of Linux and Windows Operating Systems.
4. Experience scripting and automating mechanisms in the SDLC.
5. Working experience in enterprise environments.
6. Experience implementing security mechanisms in complex environments.
7. Strong written and verbal communication skills, with a passion for documentation.
8. Works effectively under pressure in a fast-paced, dynamic environment.
9. Strong work ethic and an insatiable desire to learn.
10. Thrives in a team-based environment leaving ego at the door.
11. Continuously strives for the betterment of engineering at Kaseya.
12. Develop and enforce Security standard methodologies, processes, and tools.
13. Be the bridge between DevSecOps Engineers, Software and Systems engineering.
14. Identify trends in need of a larger solution, beyond the scope of the immediate problem.
15. Champion best Security practices within the organization.
16. Solve complex and challenging problems with simple, maintainable, and scalable solutions.
Join the Kaseya growth rocket ship and see how we are #ChangingLives!
Additional information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law. #J-18808-Ljbffr