About the company
In the new and exciting world of the decentralized internet, otherwise known as Web3, it is an individual’s fundamental right to own and control their digital identity. To ensure that the individual is paramount in Web3, we are developing products and infrastructure to enable everyone to safely engage, take part, and transact in the emerging, decentralized world of the internet. Our platform centers on Web3 Identity and leverages that identity to provide individuals with secure digital asset storage and recovery, the ability to prove ownership of their creations, and gateways to digital interactions and experiences – all to empower and benefit every Web3 user. We believe that the decentralized nature of Web3 creates an opportunity for everyone to challenge the digital status quo—to own and control their identity, data, finances, creations, and future. This is the chance to get it right – to rally a movement of individuals so Web3 belongs to everyone, not to trillion-dollar companies. To fulfill this vision, we are seeking dynamic people who want to join us in leading the way to this new world.
Job Summary
WHAT YOU WILL DO
📍As a key member of the Cyber/IT team with robust interaction across other functions – Product, Engineering and GRC – the DevSecOps Engineer will be critical to the realization of DevSecOps principles and best practices at Blockchains. You will provide leadership in the DevSecOps areas of Vulnerability Scanning, coordination of Remediation Patching, and other daily Security and Compliance efforts in software engineering, builds and deployments. You have tactical skills in development and IT operations experience as well as demonstrable cybersecurity savvy –a security-first mindset – and can analyze issues, articulate solutions, coach/mentor responsibilities for key functional groups, and catalyze action to advance us on our journey to DevSecOps excellence. 📍Manage app-sec lifecycle of architecture, tooling, and operations: Working productively with Engineering and Cyber/IT teams to accelerate momentum for CI/CD pipeline automation – from tooling and governance (process, procedures, and playbooks) perspectives – and motivate app-sec champions to own and drive adherence to standards. Serve as point of contact for product teams on all such matters. 📍Enabling and championing constant refinement in DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, penetration testing, security remediation and security monitoring/incident response enablement. 📍Hands-on experience building and maintaining CI/CD pipelines and automating manual processes, preferably in Gitlab. 📍Hands-on experience implementing and maintaining SAST and DAST tools like Sonarqube Sonar, BlackDuck, Snyk, Synopsis SRM, OWASP ZAP, Rapid7 InsightAppSec. 📍Work on cross-functional Cyber/IT, GRC and Engineering projects: 📍Identifying new tools or innovating existing provisions, tooling, or procedural, to drive new efficiencies and to augment impact of DevSecOps capacity and performance. 📍Identifying and proposing controls for risks, technical or operational, crafting appropriate governance apparatus for review, refinement, and adoption by team(s) upon approval. 📍Coaching to enable security champions and raise awareness – in peer-to-peer training, workshops, or less structured initiatives – of DevSecOps principles and practices, and work with team members across functions to drive corresponding tactics.
