Mid/Senior DevSecOps Engineer

Details

About the team - There are rumours that you can find part of our soul in almost every project.

Some of them are NordSec, NordPass, NordLocker, NordVPN, Threat Protection, Payments, NSP, WebSec, InfoSec (and many more). Our goal is to provide a highly available, scalable, and fast platform for everyone and make the development and deployment process more effective and fast. Keep the system secure and stable.

Responsibilities

• Build, test, and maintain infrastructure and tools, which allow for secure, agile software development and automated releases;
• Document DevOps processes, including developing standards to guide operations, support, and maintenance;
• Ensure software design security and define secure implementation practices;
• Develop scripts and security automation tools to enhance application security testing processes;
• Work together with the Web Application Security team and other IT personnel for cyber security problems resolution;
• Perform application security scanning using SAST/DAST/SCA tools;
• Identify manual processes that can be automated in an efficient manner;
• Mentor other engineers, define our technical security culture, and help build an Application Security team presence across our product range.

Requirements

• Knowledge in Docker, Kubernetes, CI/CD Pipeline (GitLab, Azure DevOps), Infrastructure design, and IaC (Terraform);
• Demonstrated experience with secure development, coding, and engineering practices;
• Experience with SAST tools maintenance and setup would be a benefit;
• AWS and Azure knowledge;
• Proficiency in automation and monitoring tools (ability to automate repeatable tasks via scripting) for Linux and Windows environments;
• Ability to define and deploy monitoring, metrics, and logging systems;
• Experience with Security as Code (SaC) tools;
• Understanding of DevSecOps Maturity Model;

Benefits