Deriv.com | Full time
DevSecOps Engineer
Dubai, United Arab Emirates | Posted on 09/01/2023
Job Description
Deriv Group is one of the largest brokers in the world, with over 1,200 team members and 20 global offices. In a journey spanning more than 22 years, we have designed and implemented proprietary trading products and services, growing our markets to over 2.5 million customers worldwide. Our mission has remained the same throughout: to make trading accessible to anyone, anywhere. Deriv Life and Deriv Careers illustrate our focus on client satisfaction, excellence, innovation, and, most importantly, integrity. Join us to experience the excitement of a fast-paced, collaborative environment where we challenge ourselves to push the boundaries of what's possible in the fintech industry.
Your role
As cyber threats evolve, it becomes increasingly important to incorporate security as a core element of the software development process. In this challenging and rewarding role, you will be responsible for designing and implementing systems that prioritise security from the beginning of the software development life cycle (SDLC). By working closely with the software development, security, and operations teams, you will help to improve processes, tools, and culture to ensure that security is treated as a shared responsibility. Through your efforts, our continuous integration and continuous delivery (CI/CD) are done securely.
As a DevSecOps engineer at Deriv, you will have the opportunity to make a real impact on our company's success. You will have the chance to work on cutting-edge technologies and stay up-to-date with the latest DevSecOps best practices. If you are a highly skilled and motivated engineer with a passion for building secure, scalable, and reliable systems, apply for this role to take on a new challenge and make a real difference.
Your challenges
Introduce security checks earlier in our processes for both development and operation through automation.
Process monitoring: Regularly check and monitor processes and systems to identify any potential vulnerabilities or weaknesses.
Writing risk analyses: Evaluate and analyse the potential risks associated with different processes, systems, or technologies and document the findings in written reports.
Incident management: Respond to and manage security incidents, such as data breaches or cyber-attacks, immediately and effectively.
Testing, selection, and implementation of technologies, tools, and working methods: Evaluate and test different security technologies, tools, and working methods to determine their effectiveness and implement those that are deemed appropriate for the organisation.
Automation of security controls: Create and implement automated processes and tools to improve the efficiency and effectiveness of security controls.
Control and management of security operations: Manage and oversee the various security operations and processes within the organisation to ensure that they are effective and aligned with the overall security strategy.
Build a "safety culture": Support various teams in the implementation of good security practices and work to cultivate a culture of security within the organisation.
Requirements
In-depth knowledge of, and experience with, AWS core components including, EC2, EKS, AWS Networking (Subnetting, Route Tables, SG’s, VPC, VPC Peering, NACLS, VPN), RDS, Storage (S3, EBS), SSO, and Federation
Ability to discuss all AWS features and aspects, address security concerns surrounding each, and provide preventive solutions for securing each component both individually and as a part of a complex setup
Hands-on experience with tools like CloudTrail and GuardDuty to monitor and detect security threats
Demonstrable experience with security incident response procedures, including handling past incidents and creating automated processes to notify teams and gather information about security incidents
Demonstrable experience with remediating security problems, including automated processes in AWS to remediate security issues based on event-driven solutions
University degree in computer science or a related field
Strong understanding of software development, security, and operations principles and best practices
Proficiency in one or more programming languages (e.g. Python, Java, C#)
Experience with DevOps tools and practices (e.g. Git, Jenkins, Ansible)
Knowledge of security principles and practices (e.g. authentication, authorization, encryption)
Strong problem-solving skills
Excellent spoken and written English communication skills
Benefits
Exciting work challenges
Cooperative work environment
Individualised career graph
Knowledge sharing and training sessions
Hackathons to help you expand your tech stack
Competitive salary
Health benefits
Work permit Annual performance bonus
Casual dress code
Travel and internet allowances
* Inspiring work environment and creative freedom
