Sr. DevOps Security Engineer
SendGrid is and always will be an engineering company. We hire people with a wide range of technical skills and expertise who are interested in solving large-scale development problems, like how to deliver billions of transactional emails per month in a secure and scalable way.
SendGrid's InfoSec team is seeking a technical resource with a strong background in software development and a deep knowledge of application security.
What You'll Do
You will primarily work with QA to implement automated security testing as part of the CI/CD process. You will also work with the Engineering and Operations teams and to drive implementation of security-related functionality into software and infrastructure. You'll work in concert with the InfoSec PM to build security into all phases of the software development lifecycle.
About You
- Proficient with infrastructure automation tools like Chef, Ansible, Puppet, etc.
- Experience performing manual security testing of web applications, and capable of automating this type of testing as part of the CI/CD process.
- Proficient in TDD methodologies and developing security-related tests
- Proficient with Git and automated build and deployment tools such as Jenkins
- Experience using automation techniques to create and maintain development environments that allow our Engineering teams to quickly and efficiently write secure code.
- Solid development skills in one or more languages (Bash, Javascript, Go, Python, Ruby, Perl) and not afraid to learn new ones. Familiarity with common web app frameworks.
- Able to understand, identify, and explain risks of common software security issues (e.g. OWASP Top 10) and demonstrate remediation techniques in various languages
- Willing to be part of the on-call rotation to respond to security issues
- Quick to grok emerging threats and new technologies