Security Engineer, DevSecOps
AerospikeSalary not specified
- Full Time
- Junior (1 to 2 years)
Not SpecifiedCompensation
Junior (1 to 2 years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, GIS Software, Cloud ServicesIndustries
Requirements
Candidates should possess a Bachelor’s degree in computer science, Information Security, or a related field, or equivalent experience, and have at least 5+ years of experience in IT security with at least 3 years focused on DevSecOps, DevOps, or Security Engineering roles. Extensive hands-on experience with AWS services and security best practices is required, along with a strong understanding of GIS applications (specifically ArcGIS) and their security requirements. Proficiency in scripting languages such as Python, Bash, or Ruby, familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, or AWS CodePipeline), container technologies and orchestration platforms (e.g., Docker, Kubernetes), and infrastructure-as-code tools (e.g., Terraform, CloudFormation) are also necessary. Knowledge of security standards and frameworks (e.g., NIST CSF) and the shared responsibility model in cloud environments (AWS, Azure) is preferred. CISSP, CISM, or DevSecOps-specific credentials are a plus.
Responsibilities
The DevSecOps Engineer will work with Elevate (GIS) teams to bake-in security controls as part of design and implement secure AWS architectures for GIS applications, provide security best practices for implementing COTS software such as ArcGIS in AWS, implement and maintain robust security measures & DevSecOps Framework (SHIELD) throughout every phase of development, from planning to deployment and maintenance across CI/CD pipeline, implement security policy-as-code (PaC) & Compliance-as-Code (CaC) and integrates continuous security testing within CI/CD pipelines, report on DevSecOps specific security metrics, KPIs, KRIs to track progress and demonstrate the value of security investments aligning with IT, Cyber L1, L2s, partner with SIOC team to perform code reviews and static analysis to identify security vulnerabilities, validate Identity and Access Management (IAM) policies and roles, secure data at rest and in transit using AWS encryption services, work with stakeholders to implement network security measures, stay updated on emerging threats, vulnerabilities, and security trends related to AWS, Azure and DevSecOps practices, promote cybersecurity awareness among developers and stakeholders, foster a security-first mindset across Elevate application platform teams, and promote shared responsibility for cybersecurity.
Skills
Cybersecurity platforms
Cloud security
AWS
DevSecOps practices
GIS applications
AWS architectures
COTS software (ArcGIS)
Security measures & Framework (SHIELD)
Policy-as-Code (PaC)
Compliance-as-Code (CaC)
Security testing
Code reviews
Static analysis
IAM policies
Encryption services
Network security (VPCs, security groups, NACLs)
Threats and vulnerabilities awareness
Security-first mindset
Astra
Provides launch services for small satellites
About Astra
Astra provides launch services specifically for small satellites, catering to commercial businesses, government agencies, and research institutions that need reliable access to space. The company operates small, agile rockets designed to transport these satellites into low Earth orbit (LEO). Astra's approach focuses on making space more accessible by reducing the costs and complexities associated with satellite launches, which allows a wider range of customers to utilize their services. Unlike many competitors, Astra emphasizes efficiency and cost-effectiveness in its operations, aiming to meet the growing demand for satellite-based services such as Earth observation and telecommunications. The company's goal is to facilitate more frequent and affordable satellite launches, thereby expanding opportunities for various applications in the space industry.
Alameda, CaliforniaHeadquarters
2016Year Founded
$291.8MTotal Funding
IPOCompany Stage
AerospaceIndustries
201-500Employees