Devsecops Engineer

Description:

Firebolt is a disruptor in the data & analytics space. Based on technology that delivers an order-of-magnitude performance leap in TB-scale analytics, Firebolt helps the most data-forward companies create a new wave of data & analytics experiences for end-users. With a team of world-class data experts, led by leadership veterans from Looker, Google BigQuery, Imply and Sisense, and backed by $264M in funding - we are growing quickly and are poised to build the data platform of the future, and set a new bar for what can be done with data.

Roles and Responsibilities:

We are looking for a full-time DevSecOps Engineer to join our Cloud Security team. Reporting to the company’s CISO, the candidate will work closely with all Engineering teams and own the implementation, operation, and maintenance of all security technologies and processes.

As part of your work you will:

• Operate and maintain cloud security prevention, identity, and governance tools
• Operate and maintain cross-company SaaS security tools
• Work to integrate security validation tools with CI/CD pipelines
• Lead and prioritize security Incident Response efforts
• Lead and prioritize security remediation plans

Requirements:

• 4+ years of hands-on experience as a DevOps SRE engineer
• 3+ years of experience AWS security services (e.g. IAM, SCP’s, etc)
• 2+ years of production experience with Kubernetes including using open source solutions from the eco-system
• 2+ years of experience with "Infrastructure as a code" tools such as Helm, Terraform, Pulumi or similar
• Skills with at least one of general-purpose languages such as Golang, Python, Ruby, Java, Rust, C# or NodeJS
• 2+ years of production experience Github and Github Actions
• Strong skills with a variety of monitoring and alerting tools
• A passion for learning, developing, monitoring, and provisioning systems that perform well at scale
• Strong attention to detail and quality control

Advantages

• BS/Master degree in Computer Science, Engineering, or a related field
• AWS professional certification or similar
• Understanding of application security in a cloud environment
• Strong Kubernetes skills, experience with modern CNIs, volume plugins, security, operators, service meshes, ingresses and K8s ecosystem
• Experience working with RED-Teams
• Experience with security testing and preventive tools (VM, DAST, WAF, CSPM, etc.)
• Ability to review IaC for security gaps