DevSecOps Full Stack Engineer

About The Team

The DevSecOps Engineering team builds sustainable, resilient, and well-engineered software solutions to solve problems in the product security domain within the larger Product Security organization. The team of four remote full-stack engineers operates using Agile development methods and collaborates daily using ensemble programming, also known as mob programming. The team works on a wide variety of problems, including auto-remediation of cloud vulnerabilities across our entire cloud environment and the integration of security tools in CICD pipelines.

About The Opportunity

As a Senior Full Stack Engineer within DevSecOps Engineering, you will collaborate closely with other engineers on the team using ensemble or mob programming methodologies to build and operate product security solutions in support of Client's mission. You will use a variety of technologies to build, operate, and maintain software and automation solutions in an ever-growing cloud environment. The team's solutions will support the secure delivery of all Client digital products including Digital Assessment Platform, PowerFAIDS Cloud, and BigFuture.

In This Role, You Will

Collaborate daily with other engineers on the team using mob programming to solve complex technical problems through software engineering. Implement automated solutions, based on a set of standards and processes, that enable Client developers to easily consume security and compliance services delivered by the Product Security team. Coordinate with other engineers, architects, and teams in implementing a comprehensive cloud and application security program in a DevOps environment. Drive continuous improvement of the team's engineering practices, efficiency, speed, and quality. Leverage automated tools to build, harden, maintain, and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines. Develop automated security and compliance capabilities in support of DevOps processes in a large-scale AWS cloud computing environment. Write complex code, building infrastructure as code, work with immutable "cloud based environments, and build the supporting automated toolsets necessary to support the secure continuous delivery pipeline. Integrate security practices across the CI/CD pipeline to provide a comprehensive automated cloud and application security solution from the epic definition, development, test and deploy of CB applications within our AWS environments. Support the development of software engineering standards by creating templates and patterns to increase the productivity of the security program across the entire Client organization. Foster, and build a community of practice for collective learning of security tools, practices, and systems across all disciplines.

About You

You have:

Love of learning and a growth mindset. Software engineering is your craft, not just your job. Demonstrated software engineering experience and proficiency using JavaScript and TypeScript. 3 years or more experience with extensive exposure to numerous aspects of software engineering and demonstrated full stack proficiency using JavaScript and TypeScript. Deep understanding of Amazon Web Services (AWS) including IAM, KMS, EC2, Event Bridge, ECS, Config, CloudTrail, CloudFormation, Lambda, and others using AWS CloudFormation, CDK or Serverless Framework. Working knowledge of IP networking, VPNs, DNS, load balancing and firewalling. Experience in establishing software engineering guidelines and in performing code and design reviews. Experience in documenting design and architecture artifacts and presenting artifacts for architectural review.

Differentiators

Experience in pair programming or mob programming methodologies. Experience in DevOps and CICD automation and tooling. Strong knowledge of cloud security, application security, and security engineering. Experience working as part of a Platform Engineering team and/or contributing to open-source projects. An AWS professional level certification, AWS Security Specialty certification is a plus. Experience developing client applications using the Electron framework.

About Our Process

Application review will begin immediately and will continue until the position is filled While the hiring process may vary, it generally includes resume and application submission, recruiter phone screen, hiring manager interview, performance exercise such as live coding, a panel interview, a conversation with leadership and reference checks

Key Skills

• TypeScript
• Full Stack
• JavaScript