Talenza is working with a start-up based on the Gold Coast to find a DevSecOps Engineer.
This start-up is a rapidly growing company, not just in size but in processes. They are looking for flexible, progressive and open-minded people who can get on board with their vision and grow with them.
As a DevSecOps Engineer you will be the SME for security for this tech-driven business. You will take ownership of their annual SOC2 audits, and also work collaboratively with developers on keeping application security front and center while they are coding.
- Work closely with the company's internal compliance / legal team and be the primary engineering contact related to all things security.
- Responsible for maintaining Information Security policy and any related documentation.
- Own and manage their security vulnerability monitoring and intrusion detection systems. Ensure they are proactively fixing issues raised. Manage the interactions with the auditors to meet SOC and any other security related requirements.
- Develop internal tooling for automatic deployment.
- Operate and manage security related infrastructures, EDR, AV, WAF, vulnerability scanners, and CSPM.
- Participate in developing, testing and maintaining disaster recovery solutions and exercises.
- Architect and implement solutions necessary to address security audits and compliance efforts. Knowledge of SOC2 and ISO27001 and PCI a plus.
- Work with external security testing vendors to coordinate pen testing of our platform and network. Coordinate any necessary fixes with the development team.
- Work closely with the engineering teams to ensure we are considering security when architecting and building new systems. Ensure that security solutions are architected with developer velocity and efficiency in mind. Identify and develop tools to aid this process.
- Support the organization's Third-Party Risk Management program
- Experience conducting or taking part in Information Security audits (SOC2, ISO, etc)
- Working knowledge of IT security & Governance Risk Compliance standards (NIST CSF, ISO 27k1, COSO, etc.)
- Experience securing Cloud infrastructure (AWS, Azure, GCP; they're an AWS shop)
- Good understanding of programming, code analysis, debugging. (node.js, golang, python, bash etc)
- Knowledge of industry security standards, associated controls, and audit requirements for compliance
- Familiarity with data privacy laws such as CCPA and related data security requirements.
- Experience developing and implementing an Information Security risk program, methodologies, and tools
- Ability to work effectively in teams of technical and non-technical individuals, including peers in non-technical departments
- Experience working in the financial services / FinTech Industry is a plus
- Ability to work independently with minimal supervision and collaboratively in a team environment
- (Optional) Any Security certifications such as AWS Certified Security Specialty, CISSP, CISA, Security+ would be beneficial.
- The company has beautiful offices in Burleigh Heads - very close to the beach
- They are willing to consider full remote
- $130,000 base plus super