Information Security & Compliance
9 March 2020
Wanted: DevSecOps Engineer excited to shape a future of mobility!
The DevSecOps Engineer is a member of the compliance and security team responsible for reducing PARK NOW attack surface. You will participate in the defense and remediation and work closely with Cloud infrastructure/systems squad. You will also have the opportunity to learn and develop skills in a leading security practice.
Working closely together and partly within cloud infrastructure/systems squad responsible for review and contribution of the infrastructure as a code, automation of the provisioning and deployments systems along identifying any security and vulnerability shortcomings and playing a leading role in fixing those. Ability to operate in fields of AWS, network, application provisioning and deployments automation, infrastructure and automation of all internal processes. Working alongside an experienced cloud engineering team, in alignment with cloud and application architects.
- Ensuring all security aspects are included in cloud infrastructure architecture, design, and implementation, setup and configuration of AWS services
- Work with the rest of the system’s squad team and wider architecture teams to include security principles and retrofit wherever possible and/or needed.
- Partner with the network and Product [CS1] IT teams to design and implement the connectivity, structure, access and security of the cloud environment
- Assist Security Operations [CS2] around Vulnerability Management (SIEM)
- Assessing known systems vulnerabilities and verifying system hardening and patching activities to ensure compliance with the most current applicable NIST best practices, PCI DSS, ISO etc.
- Develop and review CloudFormation/Terraform code
- Contribute to CI/CD strategy implementation
- Document security principles, issues and framework
- Work on a wide range of innovative AWS uses cases
- Implement Infrastructure solutions to ensure security, scalability, resilience and maintainability
- Integrate AWS services: guardduty, amazon inspector, AWS config and any other relevant tool to ensure secure SDLC
- Stay relevant with AWS technologies and security principles across technology
- Ability to analyze and understand cybersecurity threats and vulnerabilities
- In-depth experience with AWS services
- Expertise in cloud network architectures, designing and implementing VPCs, VPC routing, and VPC security
- Expertise in using infrastructure as a code; Terraform and cloudformation
- Expertise with Cloud Security design, tools and principles
- Strong scripting skills, i.e., Powershell, Python, Bash etc.
- Strong knowledge of DNS, load balancing and firewalling
- Strong automation skills: grasping concepts of CI/CD, Blue / Green deployment model in dynamic cloud environment, introducing security management framework, policies and tools.
- Strong verbal and written communication skills, with the ability to work effectively across all internal organisations
- Ability to influence team direction
- +5 years of experience in all above related roles
Want to be part of a dynamic fast-growing scale-up and global, urban mobility leader? Yes! Want to make an impact? Yes!
We offer a lot of autonomy and room to develop your talents. We know our people are at their best when they enjoy a good work-life balance, which we fully support. You can expect great employment benefits, including a mobility plan, Friday beers and snacks, daily fresh fruit, fun team events and much more!
PARK NOW. We are driven to improve. Come join the ride!