DevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses, Infrastructure, Security, and Test/QA.
We value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.
Responsibilities:
Implement DevSecOps systems with Infrastracture-as-Code that deploy and run in Kubernetes clusters and in Concourse CI/CD
Write automated tests to verify that the infrastructure is up, working as configured, resilient, and highly available
Code review with an eye for correctness, standards-compliance, security holes, availability holes, test holes, etc
Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models
Operate and respond to on-call incidents in a production environment, then automating systems to make such incidents occur less frequently
Requirements: Experience with specific technologies listed is not required, except Kubernetes.We may prefer candidates who know the specific technologies, but we are also open to input on some of these
Experience building, operating, and maintaining production environmentsin Kubernetes and in the cloud more broadly. Experience with zero downtime upgrades.
Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.
Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go,Shell,etc.
Observability experience. We use Prometheus, Grafana,Fluentbit,Cloudwatch, Jaeger, Kiali, and likely more
Experience writing CI/CD pipelines. Weare migrating to Concourse fromCircleCIandsomeAWSCodeBuild. Many of the tools theDevSecOpsteam implements and builds will runinCI/CD
Automated testing experience. Wepreferexperience with static analysis,end-to-end testing, and infrastructure testing
Preferred: These experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above.
Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.
Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.
Service Mesh experience. We use Istio.
Experience promoting components in stages from development to pre-production to canary to production.
Experience implementing and influencing aDevSecOpsworkflow for other teams
Experience working in an Agile/Kanban environment withGitFlowstyle development on a Remote / distributed team.
Experience withany of theDevSecOpsTeam’s other focuses:Security (linkme)and/or Test/QA (linkme)
Very Preferred: These experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above.
Experience running and securing untrusted, 3rd-party workloads.
Experience designing or operating event-driven architecture, databases, and data pipelines, as well as working with data engineers. We use Kafka,Zeebe, Mongo, Postgres, MySQL, DynamoDB,ElasticSearch,etc
