Principal DevSecOps Engineer
Second Front SystemsFull Time
Senior (5 to 8 years)
Candidates should possess a Bachelor's degree in Computer Science, Information Security, or a related field, along with 10+ years of experience in application security, including 3+ years as a developer. Highly desirable are industry certifications such as CISSP, CWAPT/CASS, CISM, or CISA. Extensive experience with DevSecOps, securing CI/CD pipelines, and secure coding requirements like OWASP ASVS is essential. Familiarity with data protection regulations (GDPR, HIPAA, CCPA) and securing AI/ML pipelines is a plus.
The Application Security Architect will lead the integration of security into the software development lifecycle by collaborating with development, engineering, and DevOps teams to embed security practices and enforce secure coding standards. They will integrate and automate security testing tools into the CI/CD pipeline, evaluate runtime protection solutions, and champion shift-left security principles. Responsibilities also include securing containerized environments, managing secrets, defining logging and alerting strategies, and supporting secure deployment methods. The architect will conduct security architecture reviews, develop security standards for various applications, design API security strategies, and lead legacy application security modernization. Additionally, they will perform threat modeling, risk assessments, serve as a primary security advisor, influence security strategy, create and deliver security training, and maintain security documentation.
Software solutions for field service management
WorkWave specializes in software solutions for field service management, catering to businesses that provide services at customer locations, such as pest control, lawn care, and HVAC. Its suite of products includes tools for scheduling, dispatching, customer relationship management (CRM), billing, and mobile workforce management, all designed to automate processes and enhance operational efficiency. WorkWave operates on a subscription model, allowing clients to customize their software access based on their needs and scale as their business grows. Additionally, the company offers specialized services for private equity investors, providing support and resources to optimize investments in the field service sector. WorkWave's goal is to continuously improve its offerings and ensure clients have access to the latest technologies while fostering a remote-first work environment for its employees.