DevSecOps Engineer - Cybersecurity
Deckers
posted about 2 months ago
About the position
Deckers Brands is seeking a talented DevSecOps Engineer to join our Information Security Team. This role is pivotal in integrating security into the software development lifecycle, ensuring that our code development processes are secure and compliant with industry regulations. The ideal candidate will thrive in a collaborative environment, working closely with application development, operations groups, and business stakeholders to maintain the confidentiality, integrity, and availability of our data. As a DevSecOps Engineer, you will be responsible for deploying and maintaining cybersecurity technologies, conducting threat hunting, and responding to incidents. Your expertise will help us implement security best practices and ensure that our solutions are robust against potential threats. In this role, you will perform penetration tests on both internal and external code, assist in the development and maintenance of static and dynamic code analysis tools, and conduct security impact assessments on code releases. You will collaborate with global teams to audit and monitor software development lifecycle standards, ensuring they are properly defined and maintained. Additionally, you will work with development teams to optimize Web Application Firewalls and DDoS solutions, provide support for escalated security-related requests, and review third-party connections to ensure compliance with Deckers Brands' security requirements. Your contributions will be essential in driving the development of an Application Security Testing Orchestration (ASTO) environment, and you may be required to travel occasionally to remote or regional offices.
Responsibilities
- Perform penetration tests on internal and external code to ensure Deckers' desired security posture is maintained
- Assist with the development, deployment, and maintenance of static and dynamic code analysis tools
- Perform security impact assessments on code releases to ensure appropriate security controls are in place
- Work with global teams to audit and monitor software development lifecycle standards
- Collaborate with development teams to tune Web Application Firewalls and DDoS solutions
- Provide follow-the-sun support for escalated Information Security-related requests and incidents
- Work with security operations analysts to perform deeper analysis of detected events
- Review third-party connections and communications for compliance with security requirements
- Drive development of an Application Security Testing Orchestration (ASTO) environment
- Occasional travel to remote or regional offices may be required
Requirements
- BA/BS degree, or equivalent experience
- Security professional certification such as CISSP, SSCP, AWS Certified Security - Specialty, or similar credentials
- 3 years' experience in a development or DevOps role, or a combination of both
- Experience with eCommerce SaaS solutions, preferably Salesforce Commerce Cloud
- Knowledge of security cloud architecture, particularly in AWS environments
- Understanding of Cloud Formation Templates and AWS CLI scripting
- Familiarity with Web Application Security and common vulnerabilities
- Deep understanding of database security and familiarity with security scanning tools
- Experience with security incident response and risk management
- Experience in the design, development, and operational support of mission-critical solutions
- Familiarity with the Atlassian suite of products: Confluence, Jira, and Bitbucket
- Proficiency in programming languages such as Python, Ruby, Java, or C++
- Ability to read and understand exploit code
Nice-to-haves
- Experience writing shellcode
- Fluent written and spoken business English
- A proactive and detail-oriented approach to cybersecurity
- Strong problem-solving abilities
- Excellent communication skills for diverse audiences
Benefits
- Competitive Pay and Bonuses
- Financial Planning and Wellbeing
- Time Away from Work
- Extras, Discounts and Perks
- Growth and Development Opportunities
- Comprehensive Health and Wellness Programs
