Senior DevSecOps Engineer

The Engineering team builds the software powering Veriff. We are dedicated to securing and optimizing our infrastructure to ensure we protect user data and provide a seamless experience for everyone. In a fast-paced environment, we need new talent to help us stay ahead, bring fresh perspectives, and implement scalable, secure solutions that keep Veriff on the cutting edge.

Our DevOps team is the backbone of our security and operational infrastructure. We focus on building and maintaining secure, optimized, and scalable network systems within AWS. We work closely with other cross-functional teams to align our strategies with the company's security goals and best practices. The team is dynamic, agile, and data-driven, constantly enhancing the reliability, security, and performance of Veriff’s network infrastructure.

As a Senior DevSecOps Engineer, we expect you to have strong expertise in network security and infrastructure optimization. Your technical proficiency will guide and mentor others, ensuring we’re leveraging the best technologies, managing risks effectively, and optimizing our costs. You will be at the forefront of shaping and securing Veriff’s network architecture, driving security practices across the organization, and maintaining a proactive stance on system observability and threat management.

You’ll help us protect honest people online by:

• Enhancing Network Infrastructure on AWS: Continuously improving and optimizing network architecture within AWS, ensuring scalability, performance, and security across all systems.
• Managing Firewall & Security Groups: Implementing and managing AWS security groups, NACLs, and firewalls to safeguard the network from external and internal threats.
• Elevating Kubernetes Network Security: Strengthening the security of Kubernetes networking, focusing on pod-to-pod communication, ingress/egress traffic control, and service-level security.
• Leveraging Istio for Network Mesh Security: Implementing and managing Istio within AWS, ensuring secure service-to-service communication, including mutual TLS, authentication, and authorization policies.
• Network Threat Detection: Monitoring and analyzing network traffic on AWS for potential threats using tools like GuardDuty, VPC Flow Logs, and CloudWatch.
• Ensuring Compliance & Best Practices: Aligning AWS network security configurations with industry standards and regulatory compliance frameworks (e.g., SOC 2, GDPR, AWS Well-Architected Framework).
• Driving Proactive Vulnerability Management: Automating security testing in the CI/CD pipeline using tools like AWS Inspector, proactively addressing vulnerabilities early.
• Optimizing Network Performance: Applying your expertise to optimize network data flow, improve performance, and reduce latency across cloud and on-prem systems.
• Collaborating Across Teams: Working closely with InfoSec, DevOps, and other teams to ensure our network infrastructure is secure, optimized, and aligned with the broader business goals.

You are the right future Veriffian for the job if you have:

• Strong expertise in networking and infrastructure optimization, especially within AWS environments.
• Proficiency in firewall management and securing cloud networks using AWS security groups, NACLs, and other best practices.
• Experience with Kubernetes network security, ensuring secure pod-to-pod communication, ingress/egress traffic control, and service-level security.
• Deep knowledge of service mesh technologies, particularly Istio, including mutual TLS, traffic management, and security policies.
• Hands-on experience with AWS GuardDuty and WAF, optimizing and securing these tools for threat detection and response.
• Advanced knowledge of cloud security best practices, including frameworks like the AWS Well-Architected Framework, CIS Benchmarks, and regulatory standards such as SOC 2, GDPR, and PCI-DSS.
• Experience with observability and monitoring tools, including Prometheus, Grafana, AWS CloudWatch, and VPC Flow Logs, to monitor and optimize network performance.
• Strong communication skills, with the ability to collaborate with cross-functional teams and influence decision-making.
• A passion for proactive security and performance optimization, always looking for ways to enhance reliability, reduce risk, and improve user experience.

You’re an especially awesome match if you have:

• Experience with other service meshes beyond Istio, such as Linkerd or Consul.
• Security certifications, such as AWS Certified Security Specialty, CISSP, or CISM.
• Experience with DevSecOps tooling and practices to automate security into the development lifecycle.

This role will be 100% on-site in our brand-new office opening soon.

• Stock options that ensure your share in our success
• Extra recharge days on top of your annual vacation
• Medical insurance to ensure you’re feeling great physically and mentally
• Learning and Development & Health and Sports budget that you are free to tailor to your own needs
• Four weeks of fully paid sabbatical leave after reaching your 5th work anniversary