IT Security Engineer

Job description

Bitrise is currently the hottest and market leading CI/CD platform as a service company. The organisation is growing very quickly, we have agile DevOps teams and multiple locations across the globe. As an IT Security Engineer you'll be working in a team reporting to our Head of IT Security. You will improve the security of our platform, review and try the latest and greatest security solutions. You will have a hand in all other security tasks and grow the security culture at Bitrise.


What you will be doing:

  • Review and strengthen the security of our platform.

  • Proactively look for new security solutions to improve the security posture of Bitrise.

  • Design and help implementing new security tests and checks in our CI/CD build pipeline.

  • Introduce new security practices to the Organisation.

  • Test security controls.

  • Internal Penstests.

  • Code reviews.

  • Create security awareness programs, promoting security within Bitrise.

  • Work on new security policies.

  • Improve the security of the SDLC of Agile DevOps teams.

  • Transition DevOps teams to SecDevOps methodologies.

  • Monitor and react to security incidents and anomalies.

  • Review legal and contractual security requirements and make sure the Bitrise complies with them.

  • Review and implement cloud security solutions (SIEM, IPS, anti-virus, DLP in a cloud environment).

  • Proactively keep your technical and industry knowledge up to date using the resources provided.

Requirements

What you should bring to the table:

  • At least 3 years of work experience in IT Security with exposure to both technical and governance related tasks.

  • Experience with Cloud security such as AWS, GCP, Heroku etc.

  • Experience working in an Agile environment.

  • Excellent English, both written and oral.

  • Good working knowledge of webapp security.

  • Working knowledge of security standards such as SOC2 and ISO27001.

  • Scripting knowledge.

  • A positive, can-do attitude and a proactive approach to doing work.

You can stand out by:

  • Experience with CI/CD platforms.

  • Having previous experience in large multinational companies as well as startups.

  • Programming experience in GO.

  • Full-stack dev experience.

  • Having security related certs such as CISM, CISSP, OSCP.