Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Jobs - DevSecOps Engineer Silicon Valley, CA Any of GCIH, GSEC, GCIA, GCED, GMON, GCUX InfoSec Jobs

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DevSecOps Engineer
Company Nomis Solutions
Location Silicon Valley, CA
Preferred GIAC Certifications Any of GCIH, GSEC, GCIA, GCED, GMON, GCUX
Travel 0%
Salary Not provided
Contact Name Josh More
Contact Email jmore/at/
Expires 2018-08-12

Job Description

DevSecOps Engineer
The Nomis Solutions DevSecOps engineer helps design and implement next generation environments. This role will also maintain these environments for both in-cloud and on-premises systems. It is expected that candidates will possess a high degree of technical skill and interest in cutting edge technologies including integrating cloud hosting platforms and third party services and continual evolution of automation, scaling, monitoring, and reporting strategies. This is a highly technical, hands-on role which requires you to be a great team member as well as an individual contributor. This team is committed to delivering automation that provides the highest systems uptime and operations transparency.

Who We Are & What We Build
We have brilliant people using cutting-edge technology and complex analytics to customers in an environment that is increasingly competitive and highly disruptive. In over 75 implementations, Nomis customers are on track to optimize $1 trillion in transactions and generate $1 billion in incremental profits.

Who You Are
Do you crave the creativity and freedom of a startup - but want to work for a stable and a growing company? Do you get excited by large problems – petabytes, not gigabytes? Do you want to be encouraged to take smart risks – knowing leadership will support you when experiencing the occasional failures?

• Blend traditional security design with modern cloud principles to maximize the utility of both
• Run the vulnerability management program, identifying and investigating security concerns
• Manage the availability of production systems, tuning for capacity, stability, and performance
• Run the incident monitoring and management program, engaging in threat hunting when needed
• Implement the evolving security standards, policies, and procedures in production environments
• Continue development and enhancement of IAM technology and processes (SSO, AD, etc.)
• Monitor performance and availability metrics and align to customer SLA targets
• Manage vendor relationships and budgets for third party hosting services
• Develop technical documentation, including high-level design diagrams, data models, and data flows
• Assist in the maintenance and testing of Business Continuity Planning and Disaster Recovery efforts
• Engage in continuous learning and maintain a presence in Security and DevOps communities
• Serve on the global matrix team to provide 24x7 infrastructure engineering and support services.

Desired Skills & Experience
• Bachelor's Degree or equivalent
• Strong communications skills, both written and oral
• Programming experience: at least one of Python, Java, Shell, JavaScript
• Familiarity with at least one configuration management tool: Puppet, Chef, Salt, or Ansible
• Familiarity with orchestration and continuous integration concepts and tools: Jenkins, Git, Maven, etc
• Understanding of relational & NoSQL data stores, such as MongoDB, CouchDB, etc
• 3+ years of professional experience as a dedicated technical professional in a corporate setting
• 1+ years of experience with the Amazon AWS environment

Good Stories to Tell in the Interview
• Who have you learned the most from in your career and what made them special?
• What challenges might exist implementing cryptosystems at the file, transmission, and storage levels?
• Where in an AWS VPC you would place load balancers, application servers, databases, and key servers?
• Why you selected a particular certification (such as CISSP, GIAC, AWS, etc) and how you obtained it?
• How you identified and prevented or contained a significant attack (SQL Injection, brute force, etc)?