As a DevSecOps Engineer, you are the key to helping Asure achieve our cloud-first vision. We need your help modernizing our existing technology and building the next generation of infrastructure and application security. Enjoying the challenges of deploying our existing solutions in the cloud. If you’re looking to advance your knowledge and experience with Amazon Web Services (AWS), infrastructure-as-code, security-as-code, designing security systems, data protection, and establishing patterns for scale, then look no further.
A part of a small but mighty Information Security team, you work closely with our DevOps, SaaSOps and Engineering teams. Dedicated to building security solutions that are cloud-first and leverage code-based build, through deployment and operation methods. Using your expertise and deepening your experience with infrastructure-as-code, cloud technology, security, networking, software deployment, logging, metrics, monitoring, alerting, and automation. Rewarded with rapid career growth on a variety of different platforms and technologies- containerization, docker Kubernetes, Lambda, etc. You will be responsible for helping to build best operations security best practices into our services.
Work to design, build, and support the security of cloud-based systems that serve our clients.
Implement and operate security technologies such as: firewalls, WAFs, container security, AV/EDR, and SIEM.
Manage security alerts and participate in the incident response process.
Drive adoption of security best practices and embedded cloud security controls as part of the SDLC.
Use your knowledge of a broad set of AWS services to design appropriate security and compliance solutions for the business.
Conduct internal and external vulnerability testing using leading industry tools. Present assessment reports to clearly document security findings with reasonable methods to secure.
Establish patterns for our organization that deliver our software products to our clients at scale with high performance and strong security.
Contribute to operational efficiencies- by managing SIEM event tuning to reduce false positives and implement security automation for code quality and testing.
Participates actively in product design providing insight and direction related to application security risks such as implementation of security-related product features like authentication, cryptography, etc.
Keep current on the security community for public-facing security issues, as well as new testing tactics.
Contribute to balancing cost, resources, and business priorities.
Provide and give feedback on everything we do with transparency.
Your Qualifications- what you bring
Bachelor’s degree in Computer Science, Information Security or other technology related course of study- work experience targeting information security or cyber security considered.
Experience with static and dynamic code analysis tools.
Your expertise of working in a production environment with security in serverless architecture and application designs.
Solid understanding of application security vulnerabilities (OWASP top 10) and countermeasures to reduce related risks.
Experience with automating the deployment, configuration, and operations of infrastructure (Windows and Linux servers/applications, and AWS services).
Detailed knowledge of infrastructure technologies such as: operating systems, firewalls/WAFs, containerization, web servers, load balancing, AV/EDR, SIEM, logging, monitoring, and alerting.
Understanding of container security concepts, tools and best practices, including vulnerability management, securing the container management stack, and integrity of the build pipeline
Awareness of technical trends around infrastructure and cloud technologies, such as: Serverless, MongoDB, Couchbase, AWS, Kubernetes, Azure, Nginx
Experience with the fundamentals of Agile and Scrum software development.
Exposure to database technologies such as SQL, MySQL, and NoSQL
Familiarity with SOC, SOX, ISO2700x, NIST SP 800-53, and CSA standards.
One or more certificates (CISSP, GSEC, OSCP, CEH, AWS) a plus, but not required.
Exposure to organizations that provide SaaS- software as a service.
Scientific approach to troubleshooting and problem-solving.
Strong capability to learn independently.
Commitment to professional growth.
Your Benefits- aka the good stuff
Annual Bonus Opportunity
Medical, Dental, Vision, HSA, FSA- effective day 1
Basic Life, A+D, and STD
401K Program with matching
Fitness Reimbursement Program
Employee Stock Purchase Program
Company Comradery: President’s Circle Award, Team Building, Happy Hours, Charity Drives, and Team Lunches
Some “COOL” Extras: Kitchen stocked with unlimited snacks and drinks, Taco Tuesdays, Flap Jack Fridays, End of Month Lunch, and more!
Asure sees Human Capital Management (HCM) through the lens of entrepreneurs and executives with an owner’s mentality. We help businesses develop their “Human Capital” to get to the next level, stay compliant, and allocate their time, money and technology toward growth.
Our HCM platform enables more than 60,000 clients to build great teams and better manage their people while staying compliant in an ever-changing HR legislative landscape. Asure’s HCM offering includes Payroll & Tax, HR, and Time & Attendance software and HR Services ranging from online compliance tools to a fully outsourced HR department.
To provide Human Capital Management (HCM) software and services that help companies grow, while nurturing a culture of growth around us.
Helping customers grow by getting the most from their human capital.
Helping our employees grow personally and professionally.
Growing relationships in our communities that inspire goodness.
Do all of these things in a way that grows shareholder value.
Be the most trusted Human Capital Management resource to entrepreneurs everywhere.
Reflect who we are and what we stand for as a company:
Lead with Integrity
Own the Outcome
Be a Good Human
We are an equal opportunity employer. All candidates must be legally authorized to work in the US, as we are unable to sponsor or transfer Visas at this time. Criminal background checks conducted at employment offer.