We are redirecting you to the source. If you are not redirected in 3 seconds, please click here.

DevSecOps Engineer at MeridianLink. Remote Location: US Remote. Position Summary:. The DevSecOps Engineer, of the Security Operations and Compliance subfamily of the IS and Compliance job family, is responsible for the organization's information security, compliance, and risk management programs to safeguard internal company data and the data of our clients. The Security Operations and Compliance subfamily is responsible for the management of the company's information security policies, processes, and toolsets; vendor risk management in terms of their information security practices; audit; and compliance with internal security policies, government regulations, vendor security requirements, and customer security requirements. The DevSecOps Engineer will review and assess the security of applications and infrastructure within the products' development stage. The professional level 2 role will provide expertise and best practices to address application development security concerns. The role will oversee the management and remediation of identified security flaws within DevOps processes.. Expected Duties:. The DevSecOps Engineer will assist in user issues while working with SR. DevSecOps Engineer. Expected to assist in designing, building, and testing scripts in native and tool-dependent languages for continuous integration, continuous delivery pipeline to limit manual testing and troubleshooting. Responsible for following the direction for the development of an automated framework for Security Tool deployment and development, leveraging various scripting languages and open-source solutions. The DevSecOps Engineer will use Security-as-Code principles, build templates to automate security vulnerabilities, and suggest and implement proper alternatives. The role will maintain interfaces with outside systems, analyze downtimes, analyze proposed system modifications, upgrades, and identification of new commercial off-the-shelf software. Expected to follow necessary monitoring, auditing, and reporting frameworks that produce artifacts supporting security and compliance needs. Participate in the internal CSIRT on-call rotation. Qualifications: Knowledge, Skills, and Abilities. A level 2 professional position will perform simple to moderately difficult/moderately impactful aspects of the role independently, and the position will support seasoned peers and management on difficult to complex aspects of the role. The individual will develop professional expertise in the subject area and will apply MeridianLink policies and procedures to resolve a variety of issues. The role will work on problems of moderate scope that are varied in a routine where analysis of situations or data requires a review of a variety of factors. The individual will receive little instruction on day-to-day work and general instructions on new assignments.. Ability to determine a course of action based on guidelines and modifies processes and methods as required. Ability to exercise judgment within defined procedures and practices to determine appropriate action. Ability to build productive internal/external working relationships to resolve mutual problems by collaborating on procedures or transactions. Bachelor’s degree and 2-4 years of related experience or equivalent work experience. Ability to build productive internal/external working relationships to resolve mutual problems by collaborating on procedures or transactions. 3+ years of experience in software engineering/software development, including Web apps and technologies. 1+ years of hands-on experience in implementing/maintaining CI/CD, security, and data pipelines. Experience in languages such as Python, C+, Java, Powershell, and Understanding of modern web technologies and relationships between them. 1+ years of experience using SSH including managing and upgrading software and systems via SSH. Understanding of Linux, NGINX, DNS, Docker, TLS, GitLab, Artifactory. Knowledge of the Linux command line, patch management, and related information security functions (authentication, encryption, SSL, etc.)