Senior DevSecOps (Cloud Security) Engineer
Who we are:
Fivestars is America’s largest local commerce network, driving over $3 billion of sales and 100 million transactions annually. Our mission is to help businesses and communities thrive by turning every transaction into a relationship. We offer an all-in-one payments, loyalty and marketing automation platform that brings more customers to local businesses. Founded in 2011, Fivestars is backed by Lightspeed, DCM, Menlo Ventures, HarbourVest, and others. Together, let’s #LoveLocal. For more information visit:.
As part of the Engineering team at Fivestars, our mission is to deliver applications that impact and improve the day-to-day lives of small business owners and consumers using our products across our network. In this role, you will be building and delivering highly scalable and reliable systems that drive the experience of thousands of local businesses and millions of consumers.
Who you are:
You are a battle-hardened security professional who has worked to implement security best practices directly into the automated systems responsible for large, scalable systems that handle millions of daily requests. You work closely with the platform, product, and engineering teams to assess and remediate risk and design and support new security-related processes within the monitoring, build, and deployment systems that make products available. You maintain an understanding of and defend against the latest threats at all times to provide exceptional experiences to customers through secure, reliable, and fault-tolerant systems.
What you’ll do:
- You will design and implement the application and infrastructure security strategy for the organization
- You will provide the technical foundation of the organization's DevSecOps platform, leveraging automation and best practices
- You will design and deliver flexible build and deployment functions at Fivestars while implementing a balanced approach to security and agility
- You will develop and implement security as code and compliance as code pipelines using automation tools
- You will develop and implement solutions to help mitigate security vulnerabilities while actively conducting research to identify new attack vectors
- You will maintain a high level of quality in our infrastructure systems through security audits, risk analysis, application-level vulnerability testing, and security-focused code reviews
What we're looking for:
- Strong experience securing infrastructure deployed into public clouds (AWS, Azure, Google Cloud)
- 5+ years in a security engineering position with experience as a DevSecOps Engineer working in a cloud environment (AWS, Azure, Google Cloud)
- Strong knowledge of threat modeling and risk assessment techniques
- Experience in securely managing production Kubernetes infrastructure with knowledge of Kubernetes security best practices and the use and benefits of service mesh (Istio) and API gateway (Ambassador) technologies
- Extensive experience automating system tasks and infrastructure using a scripting language (Python, Bash), with configuration management tools (Ansible), and infrastructure orchestration tools (Terraform, CloudFormation)
- Deep understanding of the Software Development Life Cycle including how to best implement security principles and checkpoints into the Continuous Integration and Continuous Deployment (CICD) pipeline (SAST, DAST, IAST) and into deployed applications (WAF, RASP)
- Be a strong team player. We work in small, tightly knit product teams that function cohesively to move as quickly as possible
Fivestars provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, Fivestars complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.