Security Engineer

Octopus Deploy sets the standard for Continuous Delivery empowering software teams to deliver value in an agile way. Over 4000 organizations globally –  including Ubisoft ASOS Xero monday.com Stack Overflow NASA and Disney – rely on our Continuous Delivery GitOps and release orchestration solutions.

Founded in Australia in 2012 our team of over 270 Octonauts now spans the globe. We combine high growth and big ambitions with a sustainable balanced working environment. Our revenue has grown consistently between 30–50% every year for the past 8 years and we’ve been profitable for 10 out of the past 11 years. [In 2024 Octopus Deploy acquired Argo maintainers Codefresh the leaders in enterprise GitOps.] Octopus now provides the industry's most comprehensive Continuous Delivery solution for organizations operating at scale.

We’ve been remote-first since 2015 and work with an uncommon level of transparency. You can read our public handbook to learn how we work. We have a transparent approach to compensation that ensures people doing the same work with the same skill get paid the same with well-defined career pathways. We foster a supportive collaborative and high-trust environment. We leave our job titles at the door and focus on doing what’s best for our customers and team. Our leaders never shy away from answering the tough questions at our all-hands calls or in 1:1s. We conduct interviews and onboarding virtually as part of being a remote-first company.

We are seeking a dedicated Security Engineer to join our Security Operations team and contribute to our mission of ensuring the security and integrity of our systems and data. In this role you will work closely with our Security Analysts to implement and maintain our security tools and systems. Additionally you will participate in our Security Partner Program collaborating with teams within our R&D organisation to design and implement secure systems and applications.

You will also be part of our Quick Reaction Force (QRF) responding to issues related to our security tools and systems during business hours only.

You will be a great fit for this role if you have:

• Experience designing and implementing secure systems and applications.

• Familiarity with infrastructure as code (IaC) and containerisation and orchestration tools.

• Experience with security tools and systems such as intrusion detection/prevention systems and vulnerability management platforms.

• Proficiency in conducting security audits risk assessments and penetration testing.

• Familiarity with security frameworks and standards such as ISO 27001 Soc II Type 2 and CIS controls.

• Strong communication and collaboration skills with the ability to work effectively with cross-functional teams.

A typical day might include:

• Collaborating with teams within our R&D organisation: As part of our Security Partner Program engage with teams within our R&D organisation through various channels such as Slack Zoom and Google Docs where you could provide security guidance risk analysis aid decision-making or perform code reviews.

• Plan design and implement secure systems and applications: As part of our quarterly planning be the directly responsible individual (DRI) for a project to implement a new security tool or platform that will improve our overall security posture.

• Maintaining our security platforms and infrastructure: Ensure the reliability and effectiveness of our security tools and platforms perform regular updates monitor performance and troubleshoot issues as they arise.

• Creating and maintaining documentation: Ensure our documentation is kept up to date as changes are made within our domain.

• Responding to service disruptions and escalations: As part of our Quick Reaction Force (QRF) address and resolve service disruptions relating to our security tools and platforms or assist our Security Analysts with escalated issues.

Compensation:

Octopus has an internally open and transparent system for compensation . Any Octonaut can view the compensation for any role at any level. This ensures people doing the same work with the same skill get paid the same.

The compensation for this role is:

Level 2

Maturing: $135k + stock options

Performing: $140k + stock options

Benefits include a minimum of 25 days annual leave up to 10 days of paid sick and carers leave 12 weeks of fully paid parental leave with flexible return options and stock options. Learn more .

Below is the interview process you can expect for this role. We know interviewing can seem daunting but rest assured we designed our interview process to move quickly while still getting you all the information you need.

👋🏼 Initial chat [30 min]

Meet with a Talent Acquisition Partner to cover initial questions from you and from us to get a better understanding of the role and Octopus.

💻 Technical Interview [45-60 min]

In this interview you’ll participate in a tabletop exercise with the hiring manager and a member of the Security Operations team. You’ll be tasked with fixing a recently broken deployment and identifying security misconfigurations and vulnerabilities in the pipeline and application. At the end of the exercise we welcome any questions you may have!

🧑‍💻 Panel Interview [45-60 min]

In this interview you’ll chat with the hiring manager and meet cross-functional team members. You can expect a mix of leaders and individual contributors to join the chat. By the end of this call you should have a great idea of what it’s like to work at Octopus. We should also have a great idea of what it would be like to have you on the team! We’ll ask any final questions and encourage you to do the same.

Our public employee handbook is the best place to learn more about life at Octopus. It includes our values how we structure teams career progression leave and benefits and much more.

If you're enthusiastic about this position even if you don’t meet all the criteria above we wholeheartedly encourage you to submit your application. Our talent team is in-house and we recognize that every individual brings something unique. We take the time to review every application and consider how you might add to the team.

We know your time is precious. If you apply we promise to update you at least once per week about the status of your application and to give you clear expectations for each step in the journey.

[Note to Search Firms/Agencies]

Octopus Deploy does not compensate search firms for unsolicited assistance unless they have a written search agreement with Octopus Deploy and the requisition is position-specific. Any resumes curriculum vitae and other unsolicited assistance from search firms that do not have a written search agreement or position-specific requisition submitted to any Associate of Octopus Deploy will be deemed the sole property of Octopus Deploy and no fee will be paid in the event the candidate is hired by Octopus Deploy.