DevSecOps Engineer

Roadie a UPS Company is a logistics management and crowdsourced delivery platform. Founded in 2014 Roadie offers businesses fast flexible and asset-light logistics solutions for last-mile delivery. Roadie enables local delivery to more than 95% of U.S. households by providing access to more than 200000 independent drivers nationwide – allowing businesses to offer their customers delivery optionality for almost any industry from airlines to artisans.

Under the supervision of the Head of TechOps reporting to the Information Security team the DevSecOps Engineer is responsible for supporting and implementing all aspects of secure SDLC including patching vulnerabilities in libraries code and conducting security audits. You will work closely with our development operations and security teams to ensure that our cloud infrastructure and Kubernetes deployments are secure scalable and efficient. Your primary responsibility will be to integrate security practices into the CI/CD pipeline automate security tasks and ensure compliance with industry standards.

What You’ll Do

• Work cross-functionally with the InfoSec SRE and Engineering teams

• Keep up to date with current vulnerabilities in the DevOps space patch mitigate or procure acceptance of the vulnerability by InfoSec standards

• Check code and repositories for insecure coding practices and work with Engineering teams to remediate

• Work closely with InfoSec to create and maintain Secure SDLC training

• Conduct security based quality assurance on pre-deployment packages and seek approval or denial of those deployments based upon security findings

• Conduct security based quality assurance such as dynamic and static code testing

• Work closely with Compliance and Engineering teams to conduct pre-project risk assessments

• Implement security checks and practices within CI/CD pipelines to ensure secure code deployment and infrastructure

• Develop automation scripts and tools to streamline security processes including vulnerability scanning patch management and incident response

• Conduct security training and awareness programs for engineering teams to promote a security-first culture

What You Bring

• Bachelor's Degree in Computer Science/Engineering or related work experience

• 3+ years devops or development experience in an enterprise environment

• 1+ years security risk or compliance experience

• Strong knowledge of security tools and best practices including vulnerability scanning (e.g. Nessus Qualys) SAST/DAST and container security tools

• Proficiency with scripting and automation languages especially IaC such as Terraform Crossplane etc

• Experience with various development methodologies tools and CI/CD tools such as Bitbucket Gitlab Github Circle CI Travis CI Argo CD Azure DevOps

• Security and DevOps certifications strongly preferred

Why Roadie?

• Competitive compensation packages

• 100% covered health insurance premiums for yourself

• 401k with company match

• Tuition and student loan repayment assistance (that’s right - Roadie will contribute directly to your existing student loans!)

• Flexible work schedule with unlimited PTO

• Monthly 3-day weekends

• Monthly WFH stipend

• Paid sabbatical leave - tenured team members are given time to rest relax and explore

• The technology you need to get the job done