Principal Security Engineer (DevSecOps)
As a Principal Security Engineer, you will provide strategic direction, leadership and vision to define and implement security solutions and reusable frameworks – aimed at mitigating security threats across the company’s software development lifecycle and architectures deployed across a hybrid cloud environment. The right candidate will rely on a broad skill set across multiple technologies and will have a passion for security.
What you’ll be doing - interesting problems you can help us solve:
- Define and shape the future of DevSecOps at Sovrn
- Work across the engineering teams to implement security by design, with proactive, early reviews and security integration
- Develop and deploy automation tools and services that enable software developers to easily consume security as a service
- Develop, implement and promote the adoption of security and access policies appropriate to various environments
- Coordinate and conduct security training across the organization
Responsibilities
- Ensuring Sovrn’s systems and data are properly protected
- Technology thought leader, driving direction; you will advocate for best practices, coding standards, and workflow improvements throughout the business
- Works with Engineering and Product teams to deliver solutions designed for secure operation, driving towards architectural and implementation consistency across the entire tech stack
- Manage security monitoring and alerting solutions
- Coordinate routine security tests, audits and exercises - both internal and by external third-parties
- Coordination of resolution for security-related incidents
- Researches industry and technical trends, keeps abreast of technologies and potential solutions
Qualifications:
- 3+ years of experience in an advanced security position, with hands-on software and/or reliability engineering work
- Experience growing and leading a team
- Experience with security architecture, threat modeling, secure application development, developing security controls architecture patterns, and creating strategies and roadmaps
- Advanced knowledge in identity and access management, authentication, authorization, encryption, PKI, and security monitoring methodologies and technologies, ethical hacking/penetration testing, secure coding/OWASP top 10
- Experience with developing security controls for cloud native architectures and legacy systems
- Must be able to coordinate and direct multiple teams towards common goals and best practices using excellent communication and leadership skills
- Ability to promote and demonstrate the value of building secure environments
- Quickly establish trust and rapport with key stakeholders
Nice to have
- AWS Certified Solutions Architect – Professional
- CISSP, OSCP or equivalent security accreditation
About Sovrn
We spend a great deal of our time online. Whether it’s for information, commerce, or entertainment, each of us has come to depend on what we research, discover, and share. Publishers – those who create and curate content – are what make the Internet great. Yet these publishers practice their craft largely alone, in silos – without reference points or insightful understanding about where they sit in the grand scheme of things. To add to the challenge, once a Publisher’s content is in the wild, the task of building engagement, growing a loyal following and enriching the engagement with that following can sometimes feel like shots in the dark or, worse, a black box. Moreover, making money from their craft can be a complex task for any independent publisher who might prioritize generating content first and money second.
Sovrn believes that independent publishers are the Internet's vibrancy. As a partner and advocate to tens of thousands of independent publishers, Sovrn provides tools, technologies and services that help publishers (a) make money; (b) get distribution to grow their audience; and (c) access a massive data commons providing extraordinary insights.
The landscape of content networks, adtech vendors, and the myriad of buy-side / sell-side companies can be a complete maze for any reasonable person to decipher. Sovrn cuts through the noise and simplifies things with a basic, straightforward mission:
Help content creators do more of what they want to do – and less of what they don’t.