Director of DevSecOps
June 22, 2022
About TEKRiSQ:
TEKRiSQ INC is a Ponte Vedra, Florida based Delaware Corporation founded in 2021. TEKRiSQ’s software platform and processes help small and medium sized businesses to diagnose exposure to technology risk, and easily adopt actionable risk management practices in a simple and affordable manner. TEKRiSQ sells Risk Assessment Products, SaaS subscriptions, products, and services directly to business customers through a network of trusted advisors.
About the Role
TEKRiSQ is on a mission to solve and streamline the technology-oriented risk problem that modern insurers face today—how to properly diagnose and remediate risks upfront to make more clients insurable, and make SMB cybersecurity fast, easy and affordable practice for insured clients. We’re building tech that connects previously fragmented systems and automates complex decisions to deliver speed and value to all in a highly secure manner.
Job Title: Director, DevSecOps
TEKRiSQ is looking for a Director of DevSecOps to help deliver a cutting-edge mission enablement platform. We are looking for candidates with established experience with cloud platform services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating security processes in CI/CD pipeline, and general automation. Candidates should be experienced in leading teams and resources both internal and outsourced.
The Director of DevSecOps is a hands-on developer who is also responsible for maintaining the security, technology, wellness, and integrity of TEKRiSQ. The ideal candidate will lead TEKRiSQ’s team of resources in building a comprehensive software ‘factory’ in addition to instituting a fully integrated and secure systems architecture available to TEKRiSQ, its Clients and nominated third parties.
Join us in:
- Streamlining cybersecurity practices across businesses and making clients more insurable, while delivering a secure infrastructure suitable to exchange evolving risk profile information and sensitive analytics
- Helping to build our DevSecOps Strategy & Practice to integrate cybersecurity into the organizational adoption and establishment and improvement of agile practices.
- Partnering with Engineering leaders to create, implement and apply DevSecOps principles, processes, and culture that are consumed by extended delivery teams.
- Provide subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
- Advocate for software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices, and requirements capturing techniques to the teams to improve end-to-end secure delivery practices.
- Advocate for and ensure appropriate security practices are communicated and implemented within their projects.
- Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights, and advice.
- Assist application teams with on-boarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to integrations.
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
- Securing the SDLC process via automation and security processes in CI/CD pipeline
- Architecting and continuously improving infrastructure for cloud-based services and client interfaces
- Analyzing security systems, audits, and seeking improvements on a continuous basis.
Responsibilities:
- Integrating DevSecOps tools and services (code repository, artifact repository, source code analyzer, security scanning, testing tools, and an orchestrated integration and delivery platform) to enable automated application building, testing, and securing of our deployments
- Creating and designing IaC solutions to promote services through the development, test, and production environments.
- Conducting technical Root Cause Analysis on vulnerabilities and identifying areas for further research, education, or testing
- Leading CVE Vulnerability Triage meetings: track, assess, and document vulnerabilities
- Leading teams through threat modeling exercises
- Providing occasional on-call support
You’ll have:
- 5+ years of software development or DevOps experience (full life-cycle object-oriented development a plus
- Must have extensive experience with production cloud environments on AWS, Azure, or Google Cloud Platform
- Must have experience with automation/configuration management using leading vendors (i.e. Ansible, Puppet, Chef, Terraform, or an equivalent)
- Building, testing, and administering highly available Container Platform cluster (AWS, Kubernetes)
- Experience building and maintaining AWS infrastructure (VPC, EC2, Security Groups, IAM, ECS, EKS, RDS, S3, SQS, ELK).
- Must have strong experience with at least one programming language: i.e.Python
- Must have experience with development operations of continuous integration, automated testing, and automation of the dev process
- Design and roll out scalable infrastructure using container orchestration systems like Kubernetes
- Experience with Jenkins or GitLabs is a plus
- Strong experience with relational databases / SQL queries / NoSQL databases is a plus
- Must possess strong oral and written communications skills and emotional intelligence
TEKRiSQ is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. TEKRiSQ makes hiring decisions based solely on qualifications, merit, and business needs at the time.