Lead DevSecOps Engineer
Jeeves is an all-in-one corporate card and expense management platform for startups, enterprises and SMBs around the world. Jeeves has raised over $380M and is backed by top investors including Andreessen Horowitz, Y Combinator, CRV, Tencent, Stanford University, Clocktower Ventures and Founders of more than 15 unicorns including David Velez (Nubank), Carlos Garcia (Kavak), Sebastian Mejia (Rappi), Zac Prince (BlockFi) and the family office of two FAANG founders.
Jeeves’ mission is to become the primary financing and software solution for companies - globally. Since its public launch in March 2021, the company now services more than 3000 clients across 24 countries and 3 continents.
- Bachelor's Degree in Computer Science or equivalent
- Must: 5+ years of applied cloud security knowledge of AWS
- 5+ years Experience of reviewing production code and fixes for multiple codebases in Node.js
- 2+ years of experience investigating the impact of cloud security engineering issues and incidents.
- Design, implement and maintain secure cloud architecture solutions on AWS, including API security, ensuring compliance with industry best practices, while taking under consideration business needs and constraints.
- Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC), including continuous integration/ continuous deployment (CI/CD) pipelines.
- Conduct security assessments and vulnerability scans on cloud infrastructure and applications.
- Develop and implement security policies, standards, and procedures, ensuring proper access controls, encryption, and data protection.
- Monitor and analyze logs and alerts to detect and respond to security incidents, implementing incident response plans.
- Automate security processes and tasks using scripting languages, AWS CloudFormation, and infrastructure-as-code (IaC) tools.
- Stay up-to-date with the latest security features, tools, and industry trends, providing recommendations for enhancing security posture.
- Collaborate with cross-functional teams to define and implement security requirements for new projects and initiatives.
- Provide guidance and support to development teams in implementing secure coding practices and conducting security testing.
- Knowledge of conducting security checks (application vulnerability analysis and security component analysis).
- Lead projects and ongoing support of security operations.
What you bring:
- Solid experience in designing, implementing, and securing cloud environments, including services such as EC2, S3, RDS, IAM, VPC, and CloudTrail.
- Strong understanding of DevOps methodologies and experience with CI/CD pipelines and tools (e.g., Jenkins, GitHub, SonarQube).
- In-depth knowledge of cloud security best practices, industry standards, and compliance frameworks (e.g., NIST, CIS, ISO 27001).
- Proficiency in scripting languages such as Python, Bash, Groovy.
- Experience with Infrastructure-as-Code (IaC) tools like AWS CloudFormation or Terraform.
- Familiarity with security scanning and monitoring tools, such as AWS Security Hub, GuardDuty, Inspector, or third-party solutions.
- Strong understanding of network security concepts, including firewalls, VPNs, and secure network architectures.
- Knowledge of secure coding practices and experience with application security testing tools (e.g., SAST, DAST, fuzzing, and secure coding patterns).
- Excellent problem-solving skills and ability to work collaboratively in a team-oriented environment.
- Participate in incident handling and other related duties to support the information security function.
- The ability to learn and apply new concepts quickly
- Strong written and oral communication skills