
Information Security / DevSecOps Engineer
Full Remote · Worldwide · 1 year of experience · Upper-Intermediate
Our Information Security team is seeking a skilled Information Security / DevSecOps Engineer to augment our operations. This role focuses on strengthening our security posture through vulnerability management, code scanning, and incident response triage. The ideal candidate will combine deep technical security expertise with DevOps experience to support our continuous integration/continuous deployment (CI/CD) processes and ensure robust threat management.
You will work closely with our Managed Security Service Provider (MSSP) and internal teams, including the InfoSec Manager, to proactively identify, assess, and remediate security risks as we transition from a PCI compliance focus to adopting the NIST framework.
Key Responsibilities
- Vulnerability Management & Scanning:
  - Conduct regular vulnerability assessments using tools such as Tenable.
  - Analyze scan results and work collaboratively with development teams to remediate vulnerabilities.
- Code Scanning & CI/CD Security:
  - Leverage Sonar Cloud for CI/CD pipeline scanning to ensure secure code development practices.
  - Perform static and dynamic code analysis using Checkmarx to detect and prioritize code vulnerabilities.
  - Integrate security testing within the development lifecycle, supporting DevOps practices.
- Threat Management & Incident Response:
  - Triage actionable security events generated by our MSSP, utilizing tools such as Burp Suite and Kali Linux for targeted assessments.
  - Coordinate with internal stakeholders via Jira to track, document, and resolve security findings.
- Compliance and Framework Adoption:
  - Support efforts to transition from PCI compliance to NIST framework adoption.
  - Assist in aligning security operations with industry-specific standards and incentives.
- Collaboration & Communication:
  - Work closely with the InfoSec Manager and cross-functional teams to establish best practices in security operations.
  - Provide clear communication and documentation of security findings and recommended remediations.
About You
- Technical Expertise:
  - Demonstrated experience in Information Security operations, vulnerability management, and incident response.
  - Proficient with vulnerability scanning tools (e.g., Tenable) and code analysis tools (e.g., Sonar Cloud, Checkmarx).
  - Familiarity with security assessment tools such as Burp Suite and the Kali Linux toolset.
- DevSecOps & CI/CD Knowledge:
  - Experience integrating security into CI/CD pipelines and working within DevOps environments.
  - Understanding of secure coding practices and automated security testing.
- Compliance & Framework Experience:
  - Knowledge of PCI compliance standards and experience with or exposure to the NIST framework.
- Problem-Solving & Communication:
  - Strong analytical skills with the ability to triage and resolve security issues efficiently.
  - Excellent communication skills to work effectively with technical teams and stakeholders.
  - Ability to quickly adapt to a fast-paced environment and manage multiple priorities.
Preferred Qualifications
- Experience with additional scripting or automation (e.g., Python, Bash) to streamline security operations.
- Prior exposure to threat management platforms and an understanding of incident response methodologies.
- A background in both development and security operations to bridge the gap between traditional security roles and modern DevOps practices.
Working Conditions
- This is a position with the possibility of remote work based on candidate availability and team requirements.
- Collaboration with internal teams and external partners (e.g., MSSP) will be required, so strong teamwork and communication skills are essential.
What We Offer
- Modern technology stack - innovate and build products while staying on the cutting edge.
- Young and easy-going team.
- Flexible work schedule.
- Corporate MacBook Pro (if needed) for your optimal productivity.
- Opportunities to work with young startups and global enterprises.
- Established in-house development practices.
- Paid vacation and sick leave.