Senior DevOps Security Engineer
As a key member of the UCF Technology team, you will be responsible for evaluating the current security posture of numerous web-based applications and consulting with development teams on the implementation of security best practices into application development. The Security Engineer will ensure the team is engaging the latest security trends, new methods, and techniques to prevent unauthorized access of data and preemptively eliminate the possibility of system breaches.
Position Summary
The UCF technology team is looking for a Senior DevOps Security Engineer to oversee all aspects of security within the company. We are dedicated to dramatically simplifying the process of regulatory compliance through robust products and APIs. The successful candidate will have an extensive security background and a proven history taking the lead role in maintaining the security of web-based applications, cloud-based products, and the servers they run on, and critical IT applications such as Office 365. We maintain a flat structure of technically-proficient personnel with an entirely remote workforce. We will supply all the technology necessary to work from home.
Responsibilities
· Design and implement web application security architecture for internal and external websites on AWS.
· Design, implement and monitor security measures for the protection of several websites with a focus on build, deployment, and monitoring standards.
· Build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology.
· Identify, define, and implement system security requirements for internal and external web applications
· Conduct web application security assessments and consult with development on how to integrate improved security best practices into the code
· Prepare and document standard operating procedures and protocols; proactively work with team members to address security and compliance issues in a timely manner
· Configure and troubleshoot pen testing and vulnerability scans to identify vulnerabilities in web applications and provide supporting documentation which includes testing methodology and findings
· Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
· Review and ensure the implementation of adequate application authentication, authorization, and access control practices
· Monitor and analyze security data; produce and present security reports for management
· Troubleshoot and document security incidents
· applications such as Microsoft Office 365, Slack, JIRA, Bitbucket, GitHub, Auth0 and others.
Qualifications
· Eligible to work in the US, pass a background check and no B2B contracts
· 5+ years experience as a Developer with career progression to Security Engineer
· Solid experience in installing, configuring and troubleshooting UNIX/Linux based environments.
· Hands on experience with Linux and Windows system management including Office 365
· Solid understanding of relational databases (mysql, postgres)
· In-depth knowledge of systems architecture including AWS, CDN, load balancers, firewalls, apache/nginx web servers, docker, etc.
· In-depth technical knowledge of security engineering, application security, computer and network security, authentication, security protocols and applied cryptography
· Understanding of Security tools and appliances e.g. firewalls, proxies, SIEM, antivirus, EPP and security concepts.
· Hands on experience running penetration tests and/or working with pentest contract teams.
· Self-starter, self-motivated, and willing to work on complex challenges
· Able to write and speak clearly about complex systems and issues for both technical and layman audiences
Education and Experience:
· Bachelor’s degree in Computer Science or equivalent
· Certification in one or more of the following: CompTIA Security+, Certified Ethical Hacker (CEH), Check Point Certified Security, or Administrator (CCSA)
· Software development experience for web-based applications
· Understanding of REST-based APIs
· Amazon Web Services and cloud-based application security practices
· Configuration management (Ansible, Puppet, Chef, Terraform etc).
· Automate everything mindset.
· Security engineering experience Required
· Penetration testing and remediation experience Required
· Microsoft Office 365 administration: 3+ years (Required)
· Windows and Linux administration: 3+ years (Required)
· GIT (source control): 1 year (Preferred)
· Amazon Web Services (AWS): 1 year (Preferred)
Unified Compliance is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Unified Compliance are based on business needs, job requirements and individual qualifications, without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. Unified Compliance adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline and will not tolerate discrimination or harassment based on any of these characteristics.
Job Type: Full-time
Salary: $120,000 - $150,000
Work Location: Remote
Supplemental pay types:
· Merit Based Bonus
Benefits:
· 401(k)
· Company sponsored Health, Dental and Vision
· Paid time off
· Paid Holidays
· Company-Paid Life Insurance, Short-term and Long-term Disability
Schedule:
· 8-hour shift
· Monday to Friday