DevSecOps Engineer

Do you have a passion for building secure and reliable software?

Do you want to use your expertise to drive broader impacts across an organization and the software development life cycle?

Do you enjoy staying up to date on the latest and greatest in InfoSec and software development practices?

At Paradox, we believe when you get the people thing right, you can build teams that can change the world. We’re helping organizations around the globe reimagine hiring with our first-of-its-kind recruitment technology. From our Conversational ATS to our best-in-class hiring assessments, Paradox is laser focused on building world class products and a team that our clients love. Our high-performance culture and triple-digit growth have been recognized on Deloitte’s "Fast 500" technology companies, the Inc 5000 list of fastest-growing private companies, and as a Forbes Best Startup Employers. And we’re just getting started. We are looking for top performers who have a track record of success and want to build a company and create the future together. 

We’re looking for a strategic technical expert to partner with our DevOps and software engineering teams to drive scalability, security and reliability in the development of industry leading solutions. Your expertise in data security, privacy laws, and emerging technology trends, particularly in AI, will be instrumental in ensuring comprehensive protection for the HR industry’s leading software company.

Sound like your perfect fit? We want to hear from you! 

As a DevSecOps Engineer, you will be responsible for designing and implementing the latest Continuous Integration/Continuous Deployment (CI/CD) security standards, systems, and authentication protocols, as well as best practice security and scalability processes and solutions in a fast-moving technological environment. In this role, you will: 

• Drive the integration of security practices into the secure software development lifecycle (SSDLC) through the implementation of DevSecOps principles.
• Collaborate with development, operations, and security teams to ensure security is built into every stage of the development and deployment process.
• Establish and automate security controls, testing, and compliance checks within CI/CD pipelines to enable continuous security monitoring and enforcement
• Conduct regular security assessments, vulnerability scans, and penetration tests to identify and remediate security weaknesses in applications and infrastructure.
• Implement and manage security tools and technologies for threat detection, incident response, and log analysis within cloud and on-premises environments.
• Support the integration and management of security tools, such as Github Security, APM, SAST and DAST scanning, Open Source Libraries SBOM, etc. 
• Provide guidance and support to development teams on secure coding practices, secure configuration management, and secure deployment techniques.
• Stay informed about emerging security threats, vulnerabilities, and industry trends to proactively enhance our DevSecOps practices and defenses.
• Act as a liaison with external security auditors and regulators to ensure compliance with relevant security standards and regulations.
• Mentor and train team members on DevSecOps principles, practices, and tools to foster a culture of security awareness and continuous improvement.

Required Qualifications:

• 5+ years experience in Security Engineering, DevSecOps, DevOps or similar roles, with a focus on integrating security into the software development lifecycle.
• Demonstrated experience working in an AWS cloud environment, including implementing security controls and setup/configuration with other technology like DB (EC2 and S3), Kubernetes, Sendgrid, Network Traffic (Cloudflare), etc. 
• Strong understanding of SSDLC and DevOps principles and methodologies, including continuous integration, continuous deployment, and infrastructure as code.
• Strong understanding of information security principles, concepts, and best practices
• Proficiency in implementing and managing security technologies, such as firewalls, intrusion detection systems, encryption protocols, and vulnerability management tools
• Experience with risk assessment methodologies and security frameworks (e.g., OWASP, MITRE, NIST, ISO 27001/27002, CIS Controls)
• In-depth knowledge of common security vulnerabilities, attack vectors, and mitigation techniques.
• Experience with security testing tools and techniques, such as static analysis, dynamic analysis, and fuzz testing.
• Experience in responding to Requests for Proposals (RFPs) or similar proposal development processes
• Knowledge of regulatory compliance requirements related to data security and privacy (e.g., GDPR)
• Excellent analytical and problem-solving skills, with the ability to identify and mitigate security risks effectively
• Strong communication and collaboration skills to work effectively with cross-functional teams and stakeholders, with proven experience working with senior stakeholders and in client engagements.
• Strong problem-solving skills and the ability to prioritize and manage multiple tasks in a fast-paced environment.
• Bachelor's degree in Computer Science, Information Technology, or related field; or equivalent practical experience.
• Authorization to work in the United States

Preferred Qualifications: 

• Relevant certifications such as Certified DevOps Engineer (e.g., AWS or Azure), Certified Information Systems Security Professional (CISSP), or equivalent, are a plus
• Ability to work from our Scottsdale, AZ office is preferred

Why you should work at Paradox: 

• Work side by side with passionate, purposeful people - Talent is our DNA and we pride ourselves on having the best!
• Ability to make a big impact on a growing organization and drive your own growth
• The opportunity to be part of the team building the next big thing in recruiting technology
• Internal and external professional development, coaching, and continuous education opportunities