Sr.Platform SecDevOps Engineer

Position Name: Sr Platform SecDevOps Engineer

Position Details: Combines Security Practices with Kubernetes platform engineering and advanced scripting abilities.

Direct Reporting to: Chief Software Architect

Job Responsibilities:

• Setup and Deployment of Kubernetes production and development clusters in-premise and Cloud (preference to AWS).

• Scripting Kubernetes cluster setup so the setup can be easily replicated on different production sites.

• An active practitioner of an established security framework I.e. CISMP, CISA or CISSP.

• Setting up required plugins for our Kubernetes like Platform CSI driver and/or horizontal autos Caler.

• Setting up ingress traffic and establishing secure network policies.

• Automating certificate management.

• Implementing an alerting system for unusually high resource consumption and monitoring system of critical system

components.

• Providing solutions to observe and access Kubernetes platform logs without need to directly access to our servers from command line.

• Introduce RBAC security policies for different users with different access levels.

• Infrastrastructure-as-a-code practitioner, since each setup or configuration step should be scripted in either Pulumi, Terraform, Ansible, bash or high-level language (Python, GoLang) to allow easy expansion of our product in the region and further.

• Make sure internal Kubernetes endpoints are secure from unauthorized access.

• You'll help triage, troubleshoot, and help resolve any related Kubernetes issues found during testing and in our production systems.

• Identify potential problems and resolve middleware and platform bottlenecks for performance optimization.

• Stay up-to-date with the latest technological developments and proactively integrate new tools and techniques to prevent our production site breaches.

• Demonstrate a willingness to learn and grow both personally and professionally, seeking out new challenges and opportunities for development.

• You'll also serve as the curator of our DevOps and Security playbooks and runbooks, utilizing your accumulated knowledge and experience to guide your peers when necessary.

• Collaborate with the Software Development Manager and Chief Software Architect to deliver a modern and seamless product experience.

• Master’s Degree in Electronics (or Computer Science) with a professional background in secure networking, virtualization and adoption of SecDevOps principles.

• 8+ years of experience in SecDevOps, SRE and using advanced security frameworks application (CISMP or CISA certification would have our immediate attention).

• 3+ years of experience in running production-level Kubernetes clusters is a must.

• Previous experience in using Kubernetes operators would be considered as an advantage.

• Previous experience with tools like ZAP or Harbour and SecDevOps practitioner for 3+ years is MUST for this role.

• Previous experience with provisioning tools like Pulumi and/or terraform.

• Previous experience with Kubernetes Helm charts and Istio service mesh.

• 3+ years of experience with Graphana, Prometheus, Jaeger, EFK or ELK log stack.

• Previous experience in deploying a SIEM tool like Elastic SIEM or a similar one.

• Knowledge of at least one high-level programming language is required Go, Python, C, C++, Java, C#, Ruby since you are expected to write smoke tests and perform environment setup scripting.

• Previous experience with network hardware load balancers (Barracuda, F5) and/or software load balancers (HA Proxy) and previous track of work on establishing low-latency network infrastructure.

• Able to automate health systems checks after production release and notifications.

• Able to setup the framework for anomaly detection from the app logs and isolate suspicious activity.

• Experience in multi-cluster management and active-active cluster setup.

• Previous experience with IoT ecosystem would be strongly preferred.