DevSecOps Engineer

About Knotch

Your first 90 days

• In your first 30 days… (i) Understanding of what we do and how we do it; (ii) Review current state of affairs on security; (iii) Understanding of gaps in security for SOC2 and other relevant frameworks
• In your first 60 days…(i) Taking ownership of SOC2 compliance (ii) Begin setting up best practices
• In your first 90 days… (i) Complete ownership of everything security (ii) Becoming the default escalation point for all security matters

How you will add value at Knotch

• Design, build and implement enterprise-class security systems with engineering
• Lead planning, implementation, and testing of security systems, policies, procedures and standards
• Wear multiple hats as DevOps/SRE working with engineers (onshore and offshore) as needed
• Provide advice and assistance to management concerning information security, privacy, and related matters
• Proactively identify, assess, manage, and mitigate potential threats to security
• Ensure that security policies and directives are consistently applied
• Evaluate information security systems, methods, and practices
• Develop and implement programs for employee security awareness
• Architect cloud security solutions using the AWS ecosystem
• Lead secure software development discussions with clients and their infosec teams/questionnaires
• Ensure data on our information system is protected to prevent unauthorized access
• Design solutions that balance security and business requirements
• Lead technical teams through the investigation, RCA, remediation and documentation of security incidents
• Effectively work with engineers, product managers, and other stakeholders. Collaboration is the name of the game!
• Act as a point of escalation to individual contributors and our leadership team
• Deliver dashboards and reports to a wide audience demonstrating our current program state and adherence to framework standards
• Provide guidance on data privacy regulations, including NIST standards, GDPR, CCPA, and others while implementing processes to ensure effective data protection controls
• Stay current with industry trends, attacks, mitigation measures, and application security standards
• Respond to client and vendor security assessments
• Train engineering teams and others at Knotch on security best practices

You will successful if you bring:

• 5+ years prior DevOps, SRE or security engineering experience in a SaaS/PaaS/IaaS environment
• A history of developing policies, standards, and best practices that you’ve developed from ground up in collaboration with other engineering, product and legal team members
• A self-starter mentality with the ability to lead and work with cross-functional teams
• Communication skills, empathy and expertise to instill confidence with external clients on data privacy and systems security
• A pragmatic approach to balancing security, user, and business requirements
• Knowledge of industry standard control frameworks (e.g. NIST, SOC2 etc.)
• Knowledge of what it takes to be GDPR/CCPA/SOC2 compliant
• The mindset to work in a dynamic, fast paced environment, prioritizing and delivering on evolving timelines
• Dependability traits and show a sense of urgency about getting results
• Excellent documentation skills and a care for tracking context and purpose

Bonus points if you have:

• Relevant certifications (e.g. CISSP, CISM, CCSP)

Benefits Perks:

Equal Opportunity Employer: