Principal DevSecOps Engineer

About the job: As cyber threats evolve, it becomes increasingly important to incorporate security as a core element of the software development process. In this challenging and rewarding role, you will be responsible for designing and implementing systems that prioritize security from the beginning of the software development life cycle (SDLC). By working closely with software development, security, and Cloud operations teams, you will help to improve processes, tools, and culture to ensure that security is treated as a shared responsibility. Through your efforts, our continuous integration and continuous Cloud delivery (CI/CD) are done securely.

Your challenges:

• Work closely with Engineering and Operations to ensure that security and privacy are integrated into all aspects of the Software Development Lifecycle
• Threat Modeling evaluation and analysis of potential risks associated with different processes, systems, or technologies
• Perform manual source code analysis, reviews, and testing in a variety of programming languages
• Create and implement automated processes and tools to improve the efficiency and effectiveness of security controls
• Regularly check and monitor processes and systems to identify any potential vulnerabilities or weaknesses
• Respond to and manage security incidents, such as data breaches or cyber-attacks, immediately and effectively
• Create awareness of security best practice to various teams through presentations and learning tools on security exploits and associated risk
• Testing, selection, and implementation of technologies, tools, and working methods
• Collaborate with the wider security team to share ideas, tools, and processes and help reinforce a security culture within Deriv

What You Have:

• 15+ years of relevant experience, including hands-on security roles, leadership, and mentoring positions
• The ability to inspect code and actively seek out security issues and vulnerabilities
• Strong understanding of software development, security, operations principles, and best practices across various software stacks
• Proficiency in one or more programming languages (e.g., Perl, Node.js)
• Knowledge of Public Cloud Security tools, services, and components including IaC and Containers
• Experience with DevOps tools and best practices (e.g., Git, Jenkins, CircleCI, Ansible)
• Knowledge of security and privacy principles including best practices (e.g., authentication, authorization, encryption, GDPR)
• Strong problem-solving skills
• Excellent spoken and written English communication skills
• Bachelor’s or master’s degree in computer science or a related field

Benefits:

• Market-based salary
• Annual performance bonus
• Medical insurance
• Housing and transportation allowance
• Casual dress code
• A chance to work with top talent from across the globe (70+ nationalities)
• Ample team-building and bonding activities
• Great overseas travel opportunities