DevSecOps Engineer

📋 Description

• • As a DevSecOps Engineer at Yubo, you will play a pivotal role in embedding security into the very fabric of our software development lifecycle. Reporting to the Head of Platform Engineering and collaborating closely with the Security Lead, your primary mission is to industrialize security practices across the organization, making security an inherent part of how we build, rather than an afterthought.
• • This role is designed for an individual who believes that the most effective security processes are those that are seamlessly integrated and minimally disruptive to developers. You will be instrumental in automating security checks, enabling development teams with secure tooling, and reducing risk at scale, all while ensuring the continued improvement of our production resilience.
• • Your core responsibilities will involve owning and enhancing our suite of code security tooling and automation. This includes the implementation, management, and optimization of Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secret detection tools. You will ensure these tools are effectively integrated into our development workflows, providing timely and actionable insights to engineers.
• • You will also be responsible for enforcing and evolving our Dynamic Application Security Testing (DAST) stack. This involves not only managing the tools but also contributing to the preparation and refinement of our Red Team processes, helping to proactively identify and address potential vulnerabilities before they can be exploited.
• • A key aspect of your role will be integrating security checks and gates directly into our Continuous Integration and Continuous Deployment (CI/CD) pipelines. You will partner closely with the DevOps team to ensure that security is a non-negotiable step in the deployment process, preventing insecure code from reaching production.
• • Your efforts will be focused on reducing the noise of false positives and improving the overall quality and relevance of vulnerability signals. This is crucial for maintaining developer trust and ensuring that security feedback is perceived as helpful and actionable, rather than a hindrance.
• • You will be tasked with investigating alerts originating from various sources, including our bug bounty program, Security Information and Event Management (SIEM) systems, and Endpoint Detection and Response (EDR) solutions. This requires a keen analytical mind and the ability to quickly assess and prioritize threats.
• • Supporting the operational needs related to Identity and Access Management (IAM) will also fall under your purview. This includes managing access controls, ensuring least privilege principles are applied, and contributing to the overall security posture of our cloud infrastructure.
• • You will actively contribute to the investigation and remediation of code-related vulnerabilities. This involves working with development teams to understand the root cause of issues and guiding them towards effective and secure solutions.
• • Close collaboration with Backend Engineers is essential. You will act as a security champion, driving the adoption of secure coding practices and providing guidance and support to ensure that security is a shared responsibility across the engineering organization.
• • You will leverage tools such as Wiz, SentinelOne, Cloudflare, GCP, Datadog, Grafana, GitHub, Google Workspace, and YesWeHack to achieve these objectives. Your ability to work effectively within this ecosystem will be key to your success.
• • The ideal candidate possesses solid experience in AppSec, DevSecOps, or Pentester roles, with a proven track record of integrating SAST, SCA, DAST, and secret scanning into CI/CD pipelines. Understanding of containerized environments and modern CI/CD workflows is essential, as is comfort with cloud environments, particularly GCP.
• • You should be experienced in handling security alerts and participating in incident response, with a strong focus on automation and scalability over manual processes. A pragmatic approach to security, valuing practical solutions over theoretical perfection, is highly desired. This role offers a unique opportunity to shape the security culture at Yubo and make a significant impact on the safety and integrity of our platform.