DevSecOps Engineer - Cybersecurity
At Deckers Brands, Together, Every Step is a promise kept that every employee can bring their authentic self, is valued and supported, as a whole person, at work and beyond. Together, Every Step is how we continue to deliver exceptional business results, experience an amazing place to work, and have a positive impact on the communities and world around us.
Job Title: DevSecOps Engineer - Cybersecurity
Reports to: Senior Manager Security Engineering
Location: Remote
Interested applicants must reside in one of the following approved states: Arizona, California, Colorado, Indiana, Massachusetts, Minnesota, New York, Oregon, Pennsylvania, Texas, Utah, Washington.
The Role
Security as Code. Deckers Brands is looking for a talented engineer to join our Information Security Team. This role is for a unique personality that thrives on deploying and maintaining cyber security technologies, as they relate to code development. This individual will also assist in threat hunting, incident response, and your more “typical” security functions. Information Security Team members work closely with application development, operations groups, and business stakeholders across Deckers Brands to ensure that solutions are implemented and maintained in a manner that preserves the confidentiality, integrity and availability of our data.
Security by design. This individual will be a critical resource for enabling the juncture of security and development to find mutual success. You will be the guiding voice that keeps our code aligned with security best practices and compliant with various global government and industry regulations.
Your Impact
The primary functions of this role include but are not limited to:
- Perform penetration tests on internal and external code to ensure Deckers’ desired security posture is maintained.
- Assist with the development, deployment, and maintenance of static and dynamic code analysis tools.
- Perform security impact assessment on code releases to ensure the appropriate security controls are in place for the level of risk the code represents.
- Work with global teams to audit and monitor software development lifecycle standards to confirm they are properly defined and maintained.
- Work with development teams to tune Web Application Firewalls and DDOS solutions.
- Provide “follow the sun” support for escalated Information Security-related requests and incidents, as well as participate in on-call support rotations, as needed.
- Work with security operations analysts to perform deeper analysis of detected events.
- Review 3rd party connections and communications to confirm they follow Deckers Brands security and compliance requirements.
- Drive development of an Application Security Testing Orchestration (ASTO) environment.
- Occasional travel to remote or regional offices may be required.
Who You Are
You are a proactive and detail-oriented professional with a passion for cybersecurity and software development. You thrive in collaborative environments and possess excellent problem-solving abilities. Your strong communication skills enable you to effectively convey complex security concepts to both technical and non-technical stakeholders. You are adaptable, able to handle multiple priorities, and committed to continuous learning and improvement.
We’d love to hear from people with:
- BA/BS degree, or equivalent experience.
- Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), AWS Certified Security – Specialty, Palo Alto Networks Certified Network Security Administrator (PCNSA), or other similar credentials, is desired.
- 3 years’ experience in either a development or DevOps role, or some combination of the two.
- Experience working with eCommerce SaaS solutions with a preference for a background that includes Salesforce Commerce Cloud.
- Knowledge and work experience in security cloud architecture with a focus on securing AWS environments.
- Understanding of Cloud Formation Templates and AWS CLI scripting to maintain infrastructure as code.
- Understanding of Web Application Security for both web sites and web services, along with common vulnerabilities and attacks.
- Deep and broad understanding related to database security and familiarity with database security scanning tools and techniques.
- Experience with security practices such as security incident response and risk management.
- Experience in the design, development, implementation and operational support of mission critical solutions in large scale environments and organizations.
- Experience with the Atlassian suite of products: Confluence, Jira, and Bitbucket.
- Familiarity with any of the following languages: Python, Ruby, Java, C++, etc.
- Ability to read exploit code to determine how it works, why it works and any modifications that may be necessary before using it in a test.
- Fluent written and spoken business English.
- A “breaker” mindset. You ask, “How are things NOT supposed to work?”
- Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
- Great attitude and strong work ethic.
- High level of creativity, quick problem-solving capabilities and strong analytical skills.
- High level of personal integrity, and the ability to professionally handle confidential matters.
- Ability to work on multiple projects and meet deadlines by setting priorities with work projects.
- High degree of initiative, dependability and ability to work with little supervision.
What We'll Give You
- Competitive Pay and Bonuses: We’ve created a variety of competitive compensation programs to foster career development, reward success and to show our employees just how much they’re valued.
- Financial Planning and Wellbeing: Our plans provide powerful ways to protect income, pay for expenses and invest in the future.
- Time Away from Work: Our plans support our employees’ needs to get out, get healthy and come back stronger than ever.
- Extras, Discounts and Perks: From generous discounts to community-based programs, we offer a variety of cool extras.
- Growth and Development: Deckers Brands offers extensive opportunities and support for personal and professional development.
- Health and Wellness: We aim to support a healthy lifestyle.
The salary range posted reflects the minimum and maximum target for new hire salaries for this role in our Goleta, CA location. Individual pay will be determined by location and additional factors, including job related skills, experience, and relevant education or training.
Equal Employment Opportunity: Diversity and inclusion are key to our success. We are proud to be an equal opportunity employer and we welcome qualified applicants regardless of their race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, military or veteran status, mental or physical disability, medical condition and all of the other beautiful parts of your identity.
#J-18808-Ljbffr