DevSecOps Engineer in Sophos Solutions

Acerca del empleo

Sophos.GFT es una compañía global de soluciones tecnológicas, con operaciones en 14 países alrededor del mundo. Nuestra casa matriz se encuentra en Colombia y contamos con filiales en 6 países incluyendo Colombia, Estados Unidos, México, India, Chile y Panamá. Somos más de 1.500 personas expertas en tecnología, liderando proyectos que están revolucionando la industria y transformando con éxito las instituciones financieras más importantes 🌎

A day in this role:

• Leverage infrastructure-as-code frameworks to provision and maintain cloud resources (Terraform)
• Design, build, and maintain critical security-related systems for CI/CD, secrets management, and other core services.
• Partner with our DevOps team to harden and secure cloud infrastructure.
• Work with team members to operate and enhance visibility and observability tools (SIEM)
• Work with team members to ensure that our assets meet baseline security standards.
• Continually validate our security controls relative to various assets across the estate
• Cloud assets
• Endpoint assets
• Network assets.
• SaaS assets
• Develop our security validation tooling to ensure that we are continually testing our security posture.

The expertise requested:

• 3+ years in a hands-on technical role in information security
• 3+ years of Cloud experience preferably with AWS
• 5+ years of infrastructure/software engineering experience with a focus on Cloud technologies
• Ability to write automation scripts and web services (Python, Bash)
• Experience with infrastructure-as-code frameworks (e.g. Terraform Cloud)
• Hands-on experience with public cloud providers (AWS)
• Experience working with git source control and CI/CD systems (Jenkins, Gitlab CICD/Runners)
• Experience with both Linux and Windows OS
• (Kubernetes, AWS ECS)
• Good understanding of enterprise architecture (to include endpoint, network, and cloud-based attack surfaces)
• Experience with SIEM technologies, event correlations, query management, and custom detections.
• Experience with asset hardening (CIS / STIG)
• Experience with Endpoint Detection and Response systems.
• Experience with Endpoint Protection Platforms
• Must demonstrate strong oral and written communication skills, with the ability to communicate technical topics to management and non-technical audiences.
• Must possess strong analytical, problem solving and documentation skills.
• Team player with a willingness to learn and be part of a world class seaudiences.am.
• B.S. in Computer Science or Engineering or similar technical program

Certificación en Seguridad de la Información

• Certificaciones como CISSP, CISM o similares pueden ser valoradas.

Experiencia con Contenedores

• Experiencia adicional en Docker o en la gestión de orquestadores de contenedores como Kubernetes.

Familiaridad con Normativas

• Conocimiento en normativas y estándares de seguridad (como ISO 27001, NIST) sería un plus.

Prepaid Medical Insurance: Comprehensive healthcare coverage.

Indefinite Term Contract: Permanent employment with no fixed end date.

Remote Work: Flexibility to work.

Points Redemption: Earn points that can be redeemed at various retailers.

Learning Academy: Access to continuous learning and development programs.