Staff DevSecOps Engineer
About Aerospike
At Aerospike, we dream big. Our focus is helping companies tackle seemingly insurmountable problems and doing what’s never been done before. That is why we developed the world's leading real-time data platform that powers mission-critical applications at the world's most innovative, category-disrupting companies.
Our customers have deployed extreme-scale real-time applications to fight fraud, dramatically increase shopping cart size, enable global digital payments, and deliver hyper-personalized user experiences to tens of millions of customers. Customers like Airtel, Experian, Nielsen, PayPal, Snap, Verizon Media, Wayfair, and many others rely on Aerospike as the data foundation for the future to help them act in the microsecond moments that matter. Aerospike is headquartered in Mountain View, California, and has a global presence with offices in London, Bangalore, and Tel Aviv.
Staff DevSecOps Engineer
Job Description:
As a Staff Security Engineer, you will be a pivotal part of our security team, bridging the gap between business requirements and technical implementation. You will collect and communicate business needs to the engineering team and provide the necessary tools and methodologies to ensure these needs are met securely and efficiently.
Key Responsibilities:
- Security Integration: Implement and maintain security standards, automation, and processes within the CI/CD pipelines to enable secure code deployments and infrastructure management in a non-disruptive manner for our engineers .
- Threat Modeling & Vulnerability Management: Identify and prioritize potential threats, vulnerabilities, and risks in the software development lifecycle. Design and implement security solutions to address these gaps.
- Infrastructure as Code (IaC): Define and enforce secure configurations for cloud and on-premises environments using IaC tools (e.g., Terraform, CloudFormation, etc.).
- Security Automation: Develop and implement security guardrails, automated testing, and monitoring frameworks for continuous validation of security controls.
- Incident Response & Mitigation: Act as the primary escalation point for security incidents, performing root cause analysis and driving remediation efforts.
- Mentorship & Leadership: Guide and mentor junior engineers and advocate for secure coding, DevSecOps culture, and best practices across the organization.
- Documentation & Reporting: Create and maintain comprehensive security documentation, metrics, and reports to communicate security posture and compliance status.
- Requirement Gathering and Analysis:
- Collaborate with business stakeholders to understand and document their security requirements.
- Translate business needs into technical specifications and security requirements for the engineering team.
- Ensure that business needs are aligned with security best practices and regulatory requirements.
- Communication and Collaboration:
- Serve as the primary liaison between business units and the engineering team.
- Facilitate clear and effective communication of security requirements, risk assessments, and expectations.
- Work closely with product managers, developers, and other stakeholders to integrate security into the software and product development lifecycle.
- Tooling and Methodologies:
- Identify, evaluate, and implement security tools and technologies that address business needs.
- Develop and maintain security guidelines, policies, and best practices for the engineering team.
- Provide training and support to engineering teams on security tools and methodologies.
- Security Architecture and Design:
- Participate in the design and architecture of secure systems and applications.
- Conduct security assessments and threat modeling to identify potential risks.
- Recommend and implement security controls and measures to mitigate identified risks.
- Continuous Improvement:
- Stay current with emerging security trends, threats, and technologies.
- Continuously improve security processes and methodologies.
- Lead security-related initiatives and projects to enhance the organization's security posture.
Qualifications:
- Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
- Experience: Minimum 7-10 years of experience in DevSecOps, DevOps, or Security Engineering roles, with a strong understanding of cloud security (AWS, Azure, GCP).
- Certifications (Preferred): CISSP, CEH or other relevant security certifications.
- Soft Skills: Excellent written and verbal communication skills, ability to lead without authority, strong problem solving skills, and with a proactive mindset.
Skills:
- Familiarity with DevSecOps practices and tools.
- Technical Skills:
- Hands-on experience with CI/CD tools (e.g., GitHub Actions, GitLab CI, CircleCI) and configuration management tools (e.g., Ansible, Chef, Puppet).
- Strong understanding of security principles and compliance standards (e.g., OWASP, CIS Benchmarks, NIST, ISO, SOC, GDPR, Schrems).
- Knowledge of container security (e.g., Docker, Kubernetes), serverless architectures, and microservices.
- Proficiency in scripting and programming languages (e.g. Python, Go, Bash).
- Proficiency in IAC tools and use (e.g. Terraform, Pulumi)
- Knowledge of major public clouds and demonstrable proficiency in at least one (GCP, AWS, Azure)
Aerospike is an Equal Opportunity Employer. We are committed to providing an environment free from discrimination on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status, or any other basis covered by appropriate law.
Join us at Aerospike and be part of a dynamic team that is shaping the future of data management. Salary Range for California Based Applicants: [$200,000 - $220,000] (actual compensation will be determined based on experience, location, and other factors permitted by law).
.