DevSecOps
transmitsecurity
Tel Aviv-Yafo, 1mo ago
About the role
<h4><strong>Transmit Security</strong> gives businesses the modern tools they need to build secure, trusted and end-to-end digital identity journeys to innovate and grow. </h4>
<p>CX-focused, cybersecurity conscious leaders rely on Transmit Security’s xCIAM platform to provide their customers with smooth experiences protected from fraud across all channels and devices. </p>
<p>Transmit Security serves many of the world’s largest banks, insurers, retailers, and other leading brands, collectively responsible for more than $1.3 trillion in annual commerce. </p>
<h4><strong>About the Role:</strong></h4>
<p>As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients’ high bar.</p>
<p>You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.</p>
<h4><strong>What you’ll do:</strong></h4>
<ul>
<li>Implement an application security program</li>
<ul>
<li>Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools</li>
<li>Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity</li>
</ul>
<li>Implement an infrastructure security program</li>
<ul>
<li>Integrate and implement CSPM controls within a high-scale cloud environment.</li>
<li>Own strategy for security in IAM, secret management and similar security-critical components</li>
<li>Own security training and review for DevOps teams.</li>
<li>Orchestrate penetration testing of infrastructure and applications, and a bug bounty program</li>
</ul>
<li>Own compliance processes within DevOps</li>
<li>Build and continuously improve SOC2 compliance processes and audit readiness tooling</li>
<li>Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.</li>
</ul>
<h4><strong>What you’ll need:</strong></h4>
<ol>
<li>At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)</li>
<li>Experience managing SOC 2 or ISO 27001 certifications.</li>
<li>Strong software development capabilities and application security knowledge.</li>
<li>Strong expertise in AWS, Google Cloud, and Azure security best practices.</li>
<li>Hands-on work with CI/CD, IaC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)</li>
<li>Hands-on work with CSPM, SCA, SAST, secret scanning and similar tools (ORCA, Veracode, …)</li>
<li>Hands-on work with building automations and integrations around security tools.</li>
<li>Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24x7 cloud security operations in regulated environments.</li>
</ol>