Job Type: Permanent (Full-Time)
Function: Application Security, DevSecOps.
Location: Remote (Anywhere)
Experience Required: 10+ years
Job:
We are looking for a Principal Security Engineer to help us with our content engineering team. We are a remote-first company, so you'll work with our remote team to create great security content that delights our customers.
The Principal Security Engineer job includes research and development in DevSecOps and Cloud-Native Technologies. You'll also be helping security professionals from Fortune 500, defense, and other IT security organizations with their security upskilling needs by creating advanced and hands-on security content.
For this, you need to have a strong ability to communicate with different stakeholders in the organization. If you can communicate well and work methodically as part of a team, we'd like to meet you.
What you will do:
- Help security professionals and developers in SDLC, especially in requirements analysis, design, implementation, testing, integration, verification, and maintenance of the DevSecOps Environment.
- Embed security as part of CI/CD and DevOps pipelines.
- Build new hands-on lessons and content
- Help build tools to make it easier and faster to release new content
- Keep existing courses, lessons, and challenges up to date
- Deliver DevSecOps courses to security professionals across the world, especially at Black Hat, BruCON, HITB, etc.
- Proactively look for ways to scale, streamline and improve business processes
- Ensure final deliverables meet the organization's quality requirements.
- Speak with professionals around the globe to understand their goals, needs, and future plans to help them grow professionally.
- Identify ways to improve existing procedures through new processes, automation, and technology.
- Support other colleagues to achieve goals together as a team.
- Perform other duties as assigned
What we are looking for:
- 10+ years of experience in application security or product security roles.
- Desire to work in cutting-edge product security technologies like DevSecOps, Cloud Native Technologies, and Zero Trust networks.
- Good understanding of application security concepts and tools.
- Passion for improving the state of AppSec and DevSecOps in the world.
- Experience with scripting languages (Bash, Python, Go).
- Hands-on experience in Linux & DevOps technologies (CI/CD, Docker, etc.).
- Experience in delivering application security training to developers/QA and DevOps teams.
- Deliver DevSecOps courses to security professionals across the world, especially at Black Hat, BruCON, HITB, etc.
- Ability to quickly prototype intentionally vulnerable applications (in Flask when possible)
- Good understanding of Software Component Analysis (SCA), SAST, DAST, Threat modeling, and Vulnerability Assessment and Penetration Testing (VAPT).
- Ability to write detailed technical guides and create presentations.
- Adaptability in a fast-paced startup environment and interest in taking on additional responsibility
- Ability to work independently with minimal supervision in a remote team setup.
- Excellent oral and written communication skills.
- Ability to work with the rest of the team to get things done.
- Experience in creating training content such as lectures, presentations, sample applications, and learning scenarios.
- Contributions to Open Source Projects, or the security community.
Perks
If that sounds like you, get in touch! We have an amazing team and working culture, and we offer:
- Work from home with periodic office work and travel (including our yearly retreats to exotic locations)
- Apple/Mac Stack (MBP/Keynote)
- Flexible work schedule
- Highly competitive compensation
- And much more!
About Practical DevSecOps
Practical DevSecOps (a Hysn Technologies Inc company) offers vendor-neutral, practical, and hands-on DevSecOps training and certification programs for IT Professionals. Our online training and certifications are focused on new areas of information security, including DevOps Security, Cloud-Native Security, Cloud Security & Container security. The certifications are achieved after rigorous tests (12-24 hour exams) of skill and are considered the most valuable in the information security field.
Why Explore a Career at Practical DevSecOps
At Hysn Technologies Inc, we are working on creating revolutionary security products and services. With offices located globally (San Francisco, Singapore, and India), we believe in creating simple, usable, and excellent security products that delight our customers. We are remote work-friendly and provide significant benefits like work from home (5 days a week if you wish), medical, and career growth benefits!
We look for people who know how to get stuff done, and who aren't afraid of getting their hands dirty. We want people who are hungry and humble, who take risks and thrive in fast-paced, fluid environments. We want people who take ownership of their work, don't take themselves too seriously, and treat everyone with respect.
We think it takes all kinds, all types, all ethnicities, and all genders, to make a great organization. So if you have a passion for the Information Security industry, you're comfortable working in a startup environment, and you meet the criteria above: we'd love to get to know you!
Salary Range: 30 - 40 Lakhs per annum