DevSecOps Engineer - Remote

CentralSquare is a unique enterprise software company whose mission is to build safer, smarter, more connected communities. More than 8,000 public sector agencies trust CentralSquare solutions each and every day. We serve governments of all sizes, from small towns to major cities, to make delivering public services less costly and more efficient.

DevSecOps Engineer - Remote

United States

About CentralSquare Technologies

CentralSquare is a unique enterprise software company whose mission is to build safer, smarter, more connected communities. More than 8,000 public sector agencies trust CentralSquare solutions each and every day. We serve governments of all sizes, from small towns to major cities, to make delivering public services less costly and more efficient.

Job Description

What We’re About

At CentralSquare, you’ll get the opportunity to work in a collaborative environment within a company that builds complex web-based enterprise applications for our Public Servants across North America.

Looking to grow your career? That’s great! We believe in growing and cultivating careers here. There is plenty of room for growth for motivated people.

Hard work should be rewarded. We are committed to providing competitive compensation with a great benefits package, including tuition reimbursement, parental leave, paid volunteer hours, and unlimited PTO. Our flexible work environment also enables you to take advantage of an excellent work-life balance whether you are in office or working remotely.

The Role

We are seeking a skilled DevSecOps Cloud Security Engineer to design, document, share, and enforce security standards for our Cloud infrastructure and services. You will play a critical role in identifying potential security risks, effectively reporting, developing mitigation strategies and priorities, and collaborating with cross-functional teams to integrate security best practices throughout the development lifecycle.

Job Duties Include

• Work closely with development, Cloud, and operations teams to establish and implement security standards for containerized workloads, infrastructure as code (IaC), serverless functions and other Cloud infrastructure.
• Manage and maintain the Cloud Native Application Protection Platform (CNAPP), ensuring it is effectively integrated and utilized across the organization.
• Conduct security assessments of cloud infrastructure to identify vulnerabilities and recommend / prioritize mitigation strategies.
• Design and enforce security policies for cloud services, including access controls, encryption, and compliance with industry standards.
• Monitor and respond to security incidents in cloud environments, performing root cause analysis and implementing corrective actions.
• Stay updated with the latest cloud security trends and threats, and proactively adjust security measures and tools to address emerging risks.
• Provide training and guidance to teams on Cloud security best practices and standards, fostering a culture of security awareness and continuous improvement.
• Develop and maintain documentation for security procedures, standards, and best practices.
• Participate in the design and implementation of security solutions for new cloud projects and initiatives.
• Collaborate with internal and external stakeholders to define security requirements and ensure compliance with standards, such as NIST, PCI DSS, and CJIS.
• Perform other duties as assigned.

Skills & Requirements

Requirements:

• Bachelors in Cybersecurity or Information Technology, or equivalent experience.
• 5-7 years of professional AWS security administration.
• Security certifications preferred, such as AWS Certified Security Specialty or AWS Certified DevOps Engineer Professional.
• Direct hands-on experience with Kubernetes, Docker, AWS and Terraform.
• Preferred experience with Azure DevOps.
• Proficient understanding of best-in-breed technologies used to maintain a secure cloud (e.g. Wiz, Orca).
• Proficient knowledge of common application attacks and mitigation strategies.
• Proficient in scripting languages for automation and security orchestration.
• Strong understanding of security frameworks, such as NIST and CIS.
• Excellent communication and collaboration skills to work effectively with cross-functional teams.
• Experienced in scalable remediation processes.