Soma Capital Portfolio Jobs

DevSecOps Engineer (Remote)



Posted on Wednesday, July 12, 2023
Jeeves is an all-in-one corporate card and expense management platform for startups, enterprises and SMBs around the world. Jeeves has raised over $380M and is backed by top investors including Andreessen Horowitz, Y Combinator, CRV, Tencent, Stanford University, Clocktower Ventures and Founders of more than 15 unicorns including David Velez (Nubank), Carlos Garcia (Kavak), Sebastian Mejia (Rappi) and the family office of two FAANG founders.Jeeves’ mission is to become the financial operating system for all global businesses. Since its public launch in March 2021, the company now services more than 3000 clients across 24 countries and 3 continents.Job Description:We seek a skilled and experienced DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will work closely with the CISO to ensure our cloud infrastructure's security, availability, and performance. Your primary focus will be integrating security practices into the infrastructure and secure software development and deployment lifecycle, leveraging AWS services and best practices.Eligibility Criteria
  • Bachelor's Degree in Computer Science or equivalent
  • Must: 5+ years of applied cloud security knowledge of AWS
  • 5+ years Experience of reviewing production code and fixes for multiple codebases in Node.js
  • 2+ years of experience investigating the impact of cloud security engineering issues and incidents
  • Fluent in English

  • Design, implement and maintain secure cloud architecture solutions on AWS, including API security, ensuring compliance with industry best practices, while taking under consideration business needs and constraints
  • Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC), including continuous integration/ continuous deployment (CI/CD) pipelines
  • Conduct security assessments and vulnerability scans on cloud infrastructure and applications
  • Develop and implement security policies, standards, and procedures, ensuring proper access controls, encryption, and data protection
  • Monitor and analyse logs and alerts to detect and respond to security incidents, implementing incident response plans
  • Automate security processes and tasks using scripting languages, AWS CloudFormation, and infrastructure-as-code (IaC) tools
  • Stay up-to-date with the latest security features, tools, and industry trends, providing recommendations for enhancing security posture
  • Collaborate with cross-functional teams to define and implement security requirements for new projects and initiatives
  • Provide guidance and support to development teams in implementing secure coding practices and conducting security testing
  • Knowledge of conducting security checks (application vulnerability analysis and security component analysis)
  • Lead projects and ongoing support of security operations

What you bring:
  • Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail
  • Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube)
  • In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001)
  • Proficiency in scripting languages such as Python, Bash, Groovy
  • Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform
  • Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions
  • Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures
  • Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns)
  • Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment
  • Participate in incident handling and other related duties to support the information security function
  • The ability to learn and apply new concepts quickly
  • Strong written and oral communication skills
Additional certifications preferred:
  • Relevant certifications such as AWS Certified Security – Specialty, Certified DevOps Engineer, or other security-related certifications are a plus
  • Certified Ethical Hacker, Certified Secure Software Lifecycle Professional.
  • Certified Information Security Professional (CISSP)
Join our team and contribute to building secure and scalable cloud infrastructure.Apply now and be part of our innovative and cutting-edge projects.