The UCF technology team is looking for a DevSecOps Security Engineer to lead all aspects of security within the company. We are dedicated to dramatically simplifying the process of regulatory compliance through robust products and APIs. The ideal candidate will have an extensive security background and a proven history taking the lead role in maintaining the security of web-based applications, cloud-based products and the servers they run on, and critical business applications. We maintain a flat structure of technically proficient personnel with an entirely remote workforce. We will supply all the technology necessary to work from home. This position reports directly to the CTO.
- Design, implement and monitor security measures for the protection of several websites with a focus on build, deployment and monitoring standards.
- Recommend, build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology.
- Design and implement web application security architecture for internal and external websites on AWS and other cloud providers.
- Identify, define and implement system security requirements for internal and external web applications to include WordPress.
- Conduct web application security assessments and consult with development on how to integrate improved security best practices into the code
- Prepare and document standard operating procedures and protocols; proactively work with team members to address security and compliance issues in a timely manner
- Configure and troubleshoot pen testing and vulnerability scans to identify vulnerabilities in web applications and provide supporting documentation which includes testing methodology and findings
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Review and ensure the implementation of adequate application authentication, authorization, and access control practices
- Monitor and analyze security data; produce and present security reports for management
- Troubleshoot and document security incidents
- Provide administration and security of a variety of Windows and cloud-based applications such as Microsoft Office 365, Slack, JIRA, Bitbucket, GitHub, Auth0 and others.
- Eligible to work in the US, pass a background check and no B2B/C2C contracts
- 5+ years of experience as a Security Engineer
- Solid experience in installing, configuring and troubleshooting UNIX/Linux based environments.
- Hands on experience with Linux and Windows system management including Office 365
- Solid understanding of relational databases (mysql, postgres)
- In-depth knowledge of systems architecture including AWS, CDN, load balancers, firewalls, apache/nginx web servers, docker, etc.
- In-depth technical knowledge of security engineering, application security, computer and network security, authentication, security protocols and applied cryptography
- Hands on experience running penetration tests and/or working with pentest contract teams.
- Self-starter, self-motivated, and willing to work on complex challenges
- Able to write and speak clearly about complex systems and issues for both technical and layman audiences.
- Bachelor’s degree in Computer Science or equivalent
- Certification in one or more of the following: CompTIA Security+, Certified Ethical Hacker (CEH), Check Point Certified Security, or Administrator (CCSA)
- Software development and/or DevOps Engineering certfications or equivalent experience.
- Amazon Web Services and cloud-based application development certifications or equivalent experience.
- Docker Certifications or equivalent experience
- Security engineering: 5+ years (Required)
- Penetration testing and remediation: 3+ years (Required)
- Microsoft Office 365 administration: 3+ years (Required)
- Windows and Linux administration: 3+ years (Required)
- DevOps Pipeline security - SAST (e.g. SonarQube), DAST, RASP, WAF: 3+ years (Required)
- GIT/GITLab: 3 year (Preferred)
- Amazon Web Services (AWS): 3 years (Preferred)
- Docker: 2+ years (Preferred)
For more info.: https://theucf.info/m9Zdz8