Pandoblox

Job Openings

Stay agile with leading-industry insights from our veteran CxO's

About Pandoblox:

Pandoblox is a global team of digital business builders working together to change the way developers work together and collaborate for business transformations. We focus on culture and transparency making sure that we create environments that bring out our collective brilliance as we build. We've altered our language to ensure that our build intentions are not tainted by marketing and sales efforts focusing on our true nature of building. You'll see the difference the minute you talk to our team and get to know our methodologies.

About the Role:

As an Enterprise Information DevSecOps Engineer you will be a champion for information security best practices. This person plays a key role in engineering solutions to help teams own their information security, and operate within compliance frameworks. To achieve this, working with cross-functional team leaders to recognize risks and incorporate industry best-practices is important. One of the key task is to evangelize a balanced security posture that is founded in a risk-based approach.  This role requires on-call and first-response to security-related incidents.

Responsibilities:

  • Secure all corporate IT assets including workstations, networks and applications

  • Identify and communicate current and emerging security threats and develop plans to mitigate risk

  • Develop proposals for enterprise security strategy based on threat analysis, opportunity identification, value cases, and risk.

  • Act as a subject matter expert to IT and business leaders to support security goals within new projects, existing use cases, and vendors.

  • Integrate with project teams to align objectives to the security program and identify if components need to be modified to accommodate security recommendations.

  • Evaluate and implement security architecture tools to maximize value and trust

  • Prepare, champion, and educate the organization and individual teams on changes in security policies and best practices

  • Develop corporate incident response plan and respond to incidents accordingly

  • Monitor OS, network and application logs and identify threats and vulnerabilities

  • Plan, implement, upgrade and monitor security measures related to computer networks and software testing and validation procedures, programming and documentation

  • Understand current security and monitoring posture.

  • Architect and design API Security, Container Security, Cloud Security.

  • Assist in developing an automated framework for Security Tool deployment and development, leveraging various scripting languages and open-source solutions

  • Apply knowledge and/or skills of scripting; cloud technologies and computer forensics; security posture assessment and requirements-based hardening; Extensive Appsec, Encryption, Data Protection SOC automation and tool integration experience

  • Curate relationships with third-party vendors or clients in relation to the Security Program.

  • Develop goals and implementation for continuous improvements in relation to compliance programs and security training throughout the enterprise.

  • Serve as first responder to all cybersecurity incidents.

  • Perform daily or weekly reviews of IT security logs to identify any gaps and escalate any issues.

  • Collaborate with stakeholders and project management to begin work on projects that aim to improve our ability to identify, detect, protect, respond, or recover in relation to information security threats.

  • Collaborate with security leadership to model and propose future resource needs within the domain of Enterprise Security and compliance initiatives.

Requirements:

  • Minimum 5 years of IT Security or Information Security experience including at least 3 years of experience in e-commerce or SaaS software industries with secure operational requirements.

  • Solid experience in designing or implementing compliance systems

  • Strong DevOps background with one or more tools/technologies

  • Microservice architecture

  • Automation process development experience

  • CI/CD - Deployment pipeline experience

  • Familiarity with REST API design

  • Experience with DevOps container/orchestration tools

  • Ability to use security tools and software to attain desired goals

  • Deep knowledge of GCP and AWS

  • Can communicate, teach, and promote security to teams from different disciplines and varying levels of experience.

  • Deep understanding of security research and advanced exploitation techniques from defensive and offensive perspectives.

  • Authorized to work in the USA

  • Willing to work remotely and at the same time go onsite (within USA) as required

DevSecOps Engineer

USA

Full Time

Apply for this job

Thank you for your application! We will get in touch with you soon!

Upload File