DevSecOps Engineer

Cyera customers trust that their transactions and private information are secure due to the high standards of security enforced for Cyera technology. The application security program is designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet customers' ever-changing needs. 

We are currently seeking an experienced DevSecOps Engineer to join our dynamic team. The ideal candidate will have a strong foundation in DevOps practices as well as a solid understanding of security principles as they relate to development and operational processes. This role is crucial for ensuring the integrity, confidentiality, and availability of our services across various cloud platforms including AWS, GCP, and Azure.

Key Responsibilities:

• Implement and maintain security policies and procedures to protect our systems and data across AWS, GCP, and Azure platforms.
• Automate security controls, data, and processes to provide improved metrics and operational support using scripting languages such as Python, Node.js, and Bash. 
• Integrate security tools, standards, and processes into the product life cycle (PLC).
• Work closely with the development team to integrate security practices into the development lifecycle from the initial design phase through deployment, including the implementation of CI/CD pipelines.
• Conduct system and application vulnerability testing, risk analyses, and security assessments.
• Manage and configure cloud-based environments for optimal performance and security.
• Respond to and, where possible, prevent security incidents and breaches, participating in post-mortem analysis to avoid similar vulnerabilities.
• Ensure compliance with industry standards and certifications such as SOC2, ISO 27001, PCI, FFIEC, SOX, and more.
• Integrate threat modeling practices into the product life cycle.
• Manage annual penetration testing services, and red team testing, including both expert consulting and managed services.
• Support Vendor Security activities to ensure 3rd-party software and development meets Cyera security standards.
• Produce metrics reporting the state of application security programs and performance of development teams against requirements.

• Minimum 4 years of experience in a DevOps role with a focus on security (DevSecOps).
• Proven experience with cloud services (AWS, GCP, Azure) including architecture and security configurations.
• Strong scripting skills in Python, Node.js, and Bash.
• Knowledge of security principles, techniques, and technologies (e.g., encryption, IAM, network security, application security).
• Experience with CI/CD tools and processes.
• Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes).
• Demonstrated experience in managing and achieving SOC2, ISO 27001, and other relevant certifications.
• Strong communication and collaboration skills to work effectively across teams.
• Relevant certifications (e.g., AWS Certified Security Specialty, Certified Kubernetes Administrator, CompTIA Security+) are a plus.
• Familiarity with waterfall and agile development processes and experience integrating secure development practices into both models.
• Familiarity with a variety of development and testing tools, including: Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP WebInspect.
• Ability to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques.

What We Offer:

• A collaborative and innovative team environment.
• Opportunities for professional growth and advancement.
• Competitive salary and benefits package.
• Access to the latest tools and technologies.

If you are passionate about leveraging your DevOps and security expertise to make a tangible impact on our operations, we would love to hear from you. Apply today to become part of our mission to deliver secure, reliable, and scalable solutions.