Loading...

DevSecOps Engineer

Industry: technology
Remote
Company Size: 1 - 10
Full-time
ror dot_net asp_dot_net mern_stack
Posted on 28/07/2022

Job Description

A rapidly-growing company that is dedicated to transforming the auto-tech sector with their linked car ecosystem technologies is looking for a DevSecOps Engineer. The selected candidates will be responsible for incorporating parameters for SAST, DAST, and Third-Party library evaluation into CI/CD processes. The company is creating market-leading products and large-scale automotive and IoT software, data, and diagnostics management solutions. The company has managed to securely raise $85mn+ during its Series B round of funding.

Job Responsibilities:

  • Help create a security roadmap for all the products
  • Create integration teams and deliver security product specifications that contain the software’s needs, design specifications, and test plans
  • Support the Software / Cloud team’s Threat Analysis and Risk Assessment (TARA).
  • Implement controls for SAST, DAST, and Third-Party library analysis into CI/CD workflows
  • Other cloud security integrity controls and image assurance
  • Conduct assessments of vulnerabilities in the cloud environment, including those in the infrastructure and third-party libraries, and set priorities for resolving them
  • Work with the software team to implement cybersecurity requirements and assess test and software analysis reports after analyzing cybersecurity attack entry points and weighing risk versus impact
  • Analyze market competition and stay current on new security technology in the automotive and consumer electronics industries

Job Requirements:

  • Bachelor’s/Master’s degree in Engineering, Computer Science (or equivalent experience)
  • At least 5+ years of relevant experience as a software engineer
  • Experience designing secure boot, firmware signatures, and validation
  • Experience planning and developing security policies, procedures, and standards within an IoT environment with constrained resources
  • Understanding of operating systems, networking technologies, and specific implementations 
  • Working knowledge of embedded systems and associated languages and build frameworks, including POSIX
  • Firmware signing and validation, signature methods and digital authentication, and non-repudiation
  • Secure boot within a firmware environment, integration with TPM, and Hardware security
  • Knowledge of in-memory credential handling and encrypted firmware and file systems
  • Familiarity with standards like ISO 27001, SSAE 16 / 18 SOC 2, ISO 21434, and Uptane framework is nice to have
  • Understanding CIS Benchmarks for Cloud providers, container technologies, and key services is a plus
  • Experience with embedded computing and security, including Uptane framework or similar
  • Familiarity with secure coding practices, processes, and methods is nice to have
  • Experience with hardware penetration testing and penetration tools is a plus
  • Strong customer focus and obsession with quality
  • Ability to work in a fast-paced and agile development environment
  • Strong communication and analytical skills
  • Knowledge of IoT
  • Proficiency in English
Job Details
Industry

technology

Job Location

Remote

Company Size

1 - 10

Timings

Full-time

Tech Stacks
ror dot_net asp_dot_net mern_stack

DevSecOps Engineer

Job Description

A rapidly-growing company that is dedicated to transforming the auto-tech sector with their linked car ecosystem technologies is looking for a DevSecOps Engineer. The selected candidates will be responsible for incorporating parameters for SAST, DAST, and Third-Party library evaluation into CI/CD processes. The company is creating market-leading products and large-scale automotive and IoT software, data, and diagnostics management solutions. The company has managed to securely raise $85mn+ during its Series B round of funding.

Job Responsibilities:

  • Help create a security roadmap for all the products
  • Create integration teams and deliver security product specifications that contain the software’s needs, design specifications, and test plans
  • Support the Software / Cloud team’s Threat Analysis and Risk Assessment (TARA).
  • Implement controls for SAST, DAST, and Third-Party library analysis into CI/CD workflows
  • Other cloud security integrity controls and image assurance
  • Conduct assessments of vulnerabilities in the cloud environment, including those in the infrastructure and third-party libraries, and set priorities for resolving them
  • Work with the software team to implement cybersecurity requirements and assess test and software analysis reports after analyzing cybersecurity attack entry points and weighing risk versus impact
  • Analyze market competition and stay current on new security technology in the automotive and consumer electronics industries

Job Requirements:

  • Bachelor’s/Master’s degree in Engineering, Computer Science (or equivalent experience)
  • At least 5+ years of relevant experience as a software engineer
  • Experience designing secure boot, firmware signatures, and validation
  • Experience planning and developing security policies, procedures, and standards within an IoT environment with constrained resources
  • Understanding of operating systems, networking technologies, and specific implementations 
  • Working knowledge of embedded systems and associated languages and build frameworks, including POSIX
  • Firmware signing and validation, signature methods and digital authentication, and non-repudiation
  • Secure boot within a firmware environment, integration with TPM, and Hardware security
  • Knowledge of in-memory credential handling and encrypted firmware and file systems
  • Familiarity with standards like ISO 27001, SSAE 16 / 18 SOC 2, ISO 21434, and Uptane framework is nice to have
  • Understanding CIS Benchmarks for Cloud providers, container technologies, and key services is a plus
  • Experience with embedded computing and security, including Uptane framework or similar
  • Familiarity with secure coding practices, processes, and methods is nice to have
  • Experience with hardware penetration testing and penetration tools is a plus
  • Strong customer focus and obsession with quality
  • Ability to work in a fast-paced and agile development environment
  • Strong communication and analytical skills
  • Knowledge of IoT
  • Proficiency in English
To top