DevSecOps Engineer
SparkCognition
Who are we and why this opportunity?
Avathon, Inc. delivers world-class AI solutions that allow a business to solve their most critical problems, empowering them to run a more sustainable, safer, and profitable business. Our award-winning AI solutions predict future outcomes, optimize processes, and prevent cyberattacks. We partner with the world’s industry leaders to analyze, optimize, and learn from data. We augment human intelligence, drive profitable growth, and achieve operational excellence.
Drive change and create a footprint. Learn more at: Avathon
We are looking for a DevSecOps Engineer to help take our Security team to the next level. A successful candidate in this role will possess a strong technical understanding of application security/secure development concepts and have the ability to work with software and devops engineers, architects, and engineering and product managers across multiple domains to help measure, improve, and ensure the security of our software.
You Will:
- Work closely with engineers, data scientists, product owners, and members of the security team to ensure and enable secure design, development, implementation, and monitoring of web applications and APIs in accordance with information security policy and associated compliance controls
- Collaborate with engineering teams to integrate security tooling into both new and existing Avathon software build pipelines
- Engage with engineering teams to analyze, prioritize, and provide remediation guidance for security scan results
- Lead teams through threat modeling exercises
- Participate in code reviews, ensuring security best practices are in place
- Conduct technical Root Cause Analysis on vulnerabilities and helping to identify areas for further research, education or testing
- Educate and evangelizing to engineers and managers secure development best practices, common pitfalls, and the Secure Software Development Lifecycle (SSDLC) process
- Assist cross functional teams efforts to embed logging, monitoring and auditing in applications
- Manage vulnerabilities for Avathon software and working with engineering teams to identify, prioritize, and mitigate vulnerabilities
You'll Have:
- 3+ years of experience as either an Application Security Engineer or DevSecOps Engineer
- Experience working with development teams to build secure software: threat modeling, security education, code reviews
- Strong understanding of the OWASP Top 10.
- Experience writing shell scripts and/or working with common CI/CD tools (i.e. Jenkins, Github Actions, CircleCI, etc)
- Proficiency in reading, writing, and auditing Python, Javascript, or C# and the ability to pick up new languages/technologies
- Knowledge of web service technologies and RESTful APIs
- Excellent written and verbal communication skills, interpersonal and collaborative skills
- Strong problem-solving skills and are proactive about getting things done
- An understanding of/experience with encryption technologies (SSH, SSL, TLS, etc.) and common authentication and authorization protocols (OAuth2, OIDC, RBAC, ABAC)
- A strong understanding of microservices-based architectures
It would be great if you had:
- Experience with SAST, DAST, SCA tools
- Experience with penetration testing
- Experience with container security
- Experience as a software developer
- Experience with Kubernetes
Pay Range: $110,000 - $144,000. Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.
Avathon is an equal opportunity employer, dedicated to diversity, equality, and inclusion, and provides equal employment opportunities to all employees and applicants for employment.
Avathon prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Avathon is committed to providing reasonable accommodations throughout the recruiting process. If you need a reasonable accommodation, please contact us to discuss how we can assist you.