Senior DevSecOps Engineer
Job description
TL;DR
Senior DevSecOps Engineer: Designing and managing security solutions across the SDLC with a focus on automation and CI/CD pipelines. Focus on identifying and remediating security vulnerabilities, developing security monitoring solutions, and leading compliance initiatives.
Location: Candidates will need to reside in a country in the CET timezone or one similar to it, and will need to already have a permit to work in the country where they are based.
Company
is the world’s first and largest eSIM store, helping travellers stay connected seamlessly in over 200 countries and regions.
What you will do
- Design, implement, and manage security solutions across the entire software development lifecycle (SDLC), with a focus on automation and continuous integration/continuous delivery (CI/CD) pipelines, including robust API security measures and authentication protocols.
- Champion security best practices within engineering, DevOps, SRE, and IT teams, fostering a culture of shared responsibility for security.
- Proactively identify and remediate security vulnerabilities in applications, infrastructure, and cloud services, including mitigating OWASP Top 10 vulnerabilities, through threat modeling, vulnerability assessments, and penetration testing.
- Develop and maintain security monitoring and alerting solutions to detect and respond to potential security incidents in real-time and prevent common cyber attacks such as DDoS, injection attacks, and credential stuffing.
- Define and enforce secure coding standards and provide training and mentorship to development teams on DevSecOps principles.
- Lead compliance initiatives by contributing to security policies, controls, and audit readiness for SOC 2, ISO 27001, GDPR, and other relevant regulations.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in DevSecOps, Security Engineering, or a similar role with a strong focus on cloud security.
- 3+ years of hands-on experience with AWS services, including expertise in container orchestration, IAM, and security best practices.
- 2+ years of experience with Kubernetes, including securing Kubernetes clusters and deployments.
- Deep understanding of SAST, DAST, container security solutions, and API security testing tools, with experience implementing and managing these tools.
- Excellent communication and collaboration skills with the ability to work effectively in a fast-paced environment.
Nice to have
- Relevant certifications (AWS Security Specialty, CISSP, CEH, Security+).
- Experience with AI-driven security tools for anomaly detection.
- Experience with Zero Trust principles and implementations.
- Experience in securing PHP (Laravel/Symfony) and JS (NuxtJS) applications.
- Proficiency in network security, firewall management, VPNs, and network segmentation.
Culture & Benefits
- Remote work.
- Generous PTO.
- Wellness and learning allowances.
- Annual Away retreat.