DevSecOps Engineer

Your role as a DevSecOps at Aqemia

• You will be responsible for the integration of security measures into every phase of the software development lifecycle as well as the acquisition, setup and maintenance of any Security tool we would need to safeguard the organization.
• As a DevSecOps Engineer, you will work closely with the Compute team lead (for prioritization), development teams (for education, awareness & training) and core G&A (onboarding, offboarding…) to implement security best practices, automate security processes, and enhance the overall security posture of the organization. This role requires a deep understanding of DevOps practices, cloud environments, and security technologies.
• Frictionless Security: the right path should be the easy path
• Participate in Threat Modeling and Asset Classification efforts
• Champion, educate and evangelize Security initiatives within the organisation
• Foster developer-security collaboration on secure coding practices and process-changing decisions
• Contribute to the Software Development Lifecycle and Supply Chain Assurance efforts
• Write Configuration, Infrastructure, Pipeline, Policy as Code and setup drift detection
• Secure the Cloud and connections from & to it
• Automate everything: Infrastructure, Pipelines, Policies, Scans, Remediations etc.

The competencies we are looking for

• Prior experience as a DevOps/DevSecOps within an engineering organisation
• Knowledge of "Infrastructures as Code (IaC)" technologies like Terraform (Pulumi and Crossplane are a plus)
• Previous experience securing CI/CD pipelines and doing Supply Chain Assurance (SLSA and TUF are a plus)
• Previous experience doing Application security (OWASP TOP 10, secrets management, MITRE ATT@CK, etc.)
• Previous experience remediating Penetration test findings
• Solid knowledge of Cloud infrastructure and products (AWS, other cloud experience is a plus)
• Solid knowledge of containerization and OCI tooling (runtimes, builders, registries)
• Solid knowledge of secure Kubernetes practices (OPA, Kyverno, Kustomize and Timoni are a plus)
• Solid knowledge of AuthN, AuthZ and Identity and Access Management (IAM) (e.g AWS IAM, OIDC, Kubernetes RBAC, etc. – Zero Trust is a plus)
• Experience with Compliance and Security Programs is a plus (ISO27001, SOC2, GDPR, NIST 800­-53, 800­218, OpenSSF, SLSA, etc.)
• Proficiency in Python is a plus

Preferred mindset

• You find the right balance between quality and fast iterations
• You focus on impactful changes with frictionless designs
• You know how to interact with technical stakeholders that are wary of security driven changes
• You are eager to play an active role in contributing to Aqemia’s strategy to develop drugs for patients.
• You are anxious to bring your wealth of knowledge and skills to the table to inspire and coach brilliant people from diverse backgrounds.
• You are keen to solve tough problems on issues that truly matter, with a proactive and a can-do attitude.
• You thrive on working collaboratively in a fast-paced, interdisciplinary environment that keeps everyone on track.

Our Process

• 1 - Hiring Manager’s interview: you’ll meet directly with your future manager Zeïd (1h, visio call)
• 2 - Technical assessment of your skills: Take home assignment (minimum 4h) - on Github
• 3 - Cultural fit interview with our co-founder and COO Emmanuelle (45min)
• 4 - Final interview with our co-founder and CEO Maximilien (45min)

Stack & tools

• Our Stack:
• AWS
• Git on Github with Github Actions for CI/CD pipelines
• Kubernetes with Helm, Kustomize, ArgoCD
• Some of our Tools:
• Wiz.io
• Tailscale