Who We Are
EngageRocket makes workplaces better with people analytics. By providing insights on the overall health and employee experience of the workforce, we drive the right actions and behaviour for greater engagement and better productivity. EngageRocket is for every organization that wants to put culture first. By making it easy to collect, understand, analyse and act on employee feedback, we enable organisations to make better decisions, demonstrate impact, and turn company culture into a competitive edge.
The Opportunity at EngageRocket
We are looking for a driven DevSecops engineer to be part of our growing organization. The DevSecOps Engineer is an active contributor to our agile team and will largely provide leadership in securing the platform, enhancing and maintaining automated infrastructure orchestration and deployments.
- Develop/Enhance/Maintain automated infrastructure orchestration and application deployments
- Participate in planning activities and discussions on how we can secure the platform
- Develop and maintain automated tests
- Be an active member of the product development team in planning new features
- Conduct regular tests to the platform for potential vulnerabilities
- Help create the policies relating to platform operation and maintenance such as SLAs, Disaster Recovery Plans, Change Management, etc.
- Stay updated in current and new technologies and recommend where appropriate
Candidates must have:
- Prior experience in managing production infrastructure
- Experience working with developers and non-technical members of the organization in a dynamic environment to promote/implement DevSecOps program throughout the organization
- Experience or familiar with the following tools/services: terraform, kubernetes, docker, slack
- Experience in securing and managing AWS Services: VPC, EKS, ECR, EC2, etc.
- Familiarity with OWASP and experience in coordinating and performing vulnerability scans through automated and manual tools
- Familiarity with Information Security frameworks/standards (e.g. CIS, NIST, RFC2196, etc.)
- Comprehension in the Security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring Tools, etc.
- Good communication in English
- Commitment to lifelong learning
Preferred candidates are those who have:
- Developed and maintained orchestration of an entire infrastructure from the ground up
- Undergone compliance activities (SOC2/ISO 27001)