We are looking for a Senior SecOps Engineer to join and support a team building security solutions that help organizations monitor, assess and improve the security posture of open-source software.
The team works on a platform that provides unified visibility into open-source vulnerabilities, as well as a solution that delivers security ratings for open-source libraries. These capabilities help development teams make better risk-based decisions and improve the overall security of the software delivery lifecycle.
Responsibilities
- Support the development and enhancement of solutions for open-source vulnerability monitoring and security rating
- Contribute to the improvement of CI/CD pipelines and GitHub Actions-based workflows
- Apply DevSecOps and secure engineering practices across the software delivery lifecycle
- Collaborate with engineers, security specialists, product stakeholders and other team members to deliver reliable and secure solutions
- Analyze, prioritize and address security-related topics connected to open-source components and dependencies
- Share knowledge and support team activities to drive continuous improvement of product quality and engineering practices
Requirements
- 5+ years of experience in security engineering with background in DevSecOps practices, Secure Software Development Life Cycle and security-as-code approaches
- Understanding of Software Composition Analysis, open-source vulnerability management and OSS license compliance
- Knowledge of CVSS scoring, exploitability assessment, vulnerability prioritization and remediation strategies
- Proficiency in GitHub Actions, CI/CD pipelines and integration of security checks or quality gates into delivery workflows
- Understanding of open-source security principles, vulnerability management practices and relevant security guidelines
- Strong communication skills, ownership mindset and ability to work effectively as part of a cross-functional team