As a DevSecOps Engineer, you will help customers with their DevSecOps journey.
You will automate security checks and help development teams to find security issues at an early stage. Preventing secrets sprawl, making sure Docker containers are secure and the software doesn’t contain any vulnerabilities are the kind of challenges you like to solve.
Cloud security is something you find inevitable as well as making sure infrastructure is correctly provisioned using infrastructure as code. Regulations and compliancy rules like GDPR is not something you ignore but try to automate instead to make life easier. In the time you are waiting for your infrastructure to provision you check if you can hack and find issues in other systems and applications (with consent).
You like solving these challenges in different sectors and at different enterprise levels.
Next to the day to day activities you like to give security training to increase security awareness and share security knowledge.
* Team player with strong analytical skills and the ability to understand and resolve complex problems
* Eager to learn new security things and improve existing skills
* Mentality to finish ‘the job’ no matter what time it costs
* Excellent communication skills and fluent in English
* Project- or consultancy experience is a plus
* Likes going to Meetups, conferences, and likes to be involved in the security community like OWASP
*Technical related Bachelor (HBO) degree
* Experience with cloud platforms such as AWS, Azure
* Experience with infrastructure as code (Hashicorp Terraform, Cloud Formation) is a plus
* Experience with containers (Docker)
* 1-3 years of experience in software development (security)
Bonus points for:
* Experience with container orchestration platforms (Kubernetes)
* Experience with container security (AppArmor, Seccomp, Twistlock, Aquasec, Clair, Anchore)
* Experience with SAST tools (open source, commercial)
* Experience with OSS security tools (Nexus Lifecycle, Snyk, Black duck)
* Experience with DAST (OWASP ZAP)
* Experience with secrets management (Hashicorp Vault)
* Pentesting or red teaming experience
* Able to perform a security code review on several programming languages
* Project or consultancy experience
Araido is an ambitious security startup that delivers services to help organizations achieve a Secure Software Development Lifecycle. Building innovations for customers is not only about building something that they need, it is also about standing up to the level of trust they expect. Organizations use lean development practices like Agile, Scrum, DevOps to support collaboration and cloud services to reduce the time to market. To include security, organizations must commit to changes in skills, culture, technology, and processes to deliver secure innovations at speed and scale. Being one of the pioneers in DevSecOps, Araido knows how to make DevSecOps programs successful within an organization and include security as an integral part.