Bitrise is currently the hottest and market-leading CI/CD platform-as-a-service company. The organisation is growing very quickly; we have agile DevOps teams and multiple locations across the globe. As an IT Security Engineer you'll be working in a team reporting to our Head of IT Security. You will improve the security of our platform, and review and try the latest and greatest security solutions. You will have a hand in all other security tasks and grow the security culture at Bitrise.
What you will be doing:
Review and strengthen the security of our platform.
Proactively look for new security solutions to improve the security posture of Bitrise.
Design and help implement new security tests and checks in our CI/CD build pipeline.
Introduce new security practices to the organisation.
Test security controls.
Create security awareness programs, promoting security within Bitrise.
Work on new security policies.
Improve the security of the SDLC of Agile DevOps teams.
Transition DevOps teams to SecDevOps methodologies.
Monitor and react to security incidents and anomalies.
Review legal and contractual security requirements and make sure Bitrise complies with them.
Review and implement cloud security solutions (SIEM, IPS, anti-virus, DLP in a cloud environment).
Proactively keep your technical and industry knowledge up to date using the resources provided.
What you should bring to the table:
At least 3 years of work experience in IT Security with exposure to both technical and governance-related tasks.
Experience with Cloud security such as AWS, GCP, Heroku etc.
Experience working in an Agile environment.
Excellent English, both written and oral.
Good working knowledge of webapp security.
Working knowledge of security standards such as SOC2 and ISO27001.
A positive, can-do attitude and a proactive approach to doing work.
You can stand out by:
Experience with CI/CD platforms.
Having previous experience in large multinational companies as well as startups.
Programming experience in Go.
Full-stack dev experience.
Having security-related certs such as CISM, CISSP, OSCP.