DevSecOps

Tasks

• Automation of the search and elimination of vulnerabilities in the infrastructure and product.
• Suggest possible methods of operation and recommendations for their elimination.
• Learn new tools in the security market and implement them to eliminate threats.

Our expectations

• Confident knowledge of Linux and Docker.
• Understanding the security issues of large infrastructure. Knowledge of modern attacking techniques, vectors of infrastructure penetration attacks and knowledge of standard solutions.
• Knowledge of attack vectors and ways to protect WEB applications (OWASP TOP-10), understanding of modern WEB technologies.
• Good knowledge of network technologies and protocols within Linux (TCP/IP, HTTP, TLS, HTTP Proxying, iptables/nftables).
• Ability to automate your activities using Bash/Python/Go/Ansible/Terraform.
• Understanding and ability to apply Infrastructure as Code approaches.

Will be a plus

• Experience in conducting pentests.
• Experience in implementing security controls using the Zero Trust approach.
• Experience with Service Mesh solutions.
• Experience with WAF/IDS/IPS type systems.
• Experience in embedding static and dynamic application vulnerability analysis tools in development processes.
• Web application development experience or experience in the AppSec role.
• Knowledge of Prometheus, Grafana Loki or the desire to develop in these areas.

Additionally

• Willingness to discuss relocation to Georgia.
• The ability to work from anywhere in the world.