Moveworks - DevSecOps Engineer - Vulnerability Management (2-4 yrs)

- We are looking for a passionate DevSecOps engineer to join our team. As a DevSecOps Engineer, you will play a critical role in ensuring the security of our software development processes and infrastructure including FedRAMP compliant environment.

- Your expertise in both development and security will contribute to the successful delivery of high-quality, secure AI solutions to our customers.

Responsibilities :

- Secure Infrastructure : Design, implement, and maintain secure infrastructure and environments (such as FedRAMP-compliant environments) consisting of applications, containers, virtual machines, and cloud infrastructure.

- Vulnerability Management : Collaborate with teams to remediate and mitigate identified vulnerabilities. Also, work with the security team to assess vulnerabilities as well as identify potential security risks and weaknesses in the system.

- Security Automation : Develop and maintain security automation tools and scripts to streamline security processes and patch management as well as ensure consistent application of security controls across deployment pipelines and infrastructure.

- Incident Response : Respond to security incidents promptly, perform root cause analysis, and implement measures to prevent future occurrences.

- Security Audits and Compliance : Assist in security audits and compliance assessments to ensure adherence to industry standards and regulations. Collaborate with internal and external auditors to address any security-related findings.

- Collaboration and Documentation : Work closely with developers and security teams to identify security requirements and implement appropriate solutions. Maintain clear and comprehensive documentation of security practices, standards, and procedures.

Requirements :

- Bachelor's degree in computer science, information security, or a related field.

- 2 - 4 years of experience as a DevSecOps / DevOps engineer with experience in security

- Good knowledge of software development processes and CI/CD pipelines.

- Proficiency in programming and scripting languages such as Python and Bash.

- Understanding of security principles, secure coding practices, and common vulnerabilities (e. g., OWASP Top 10).

- Familiarity with security tools and technologies such as static code analysis, vulnerability scanners, intrusion detection/prevention systems, and SIEM solutions.

- Experience with vulnerability management and automating processes for resolving vulnerabilities.

- Experience with cloud platforms (e. g., AWS, Azure, Google Cloud) and containerization technologies (e. g., Docker, Kubernetes).

- Experience with infrastructure-as-code tools (e. g., Terraform, CloudFormation).

- Knowledge of security frameworks and standards (e. g., ISO 27001 NIST, PCI DSS).

- An appetite for working at a startup pace on challenging problems with a high degree of ownership.