DevSecOps

Transmit Security gives businesses the modern tools they need to build secure, trusted and end-to-end digital identity journeys to innovate and grow.

CX-focused, cybersecurity conscious leaders rely on Transmit Security's xCIAM platform to provide their customers with smooth experiences protected from fraud across all channels and devices.

Transmit Security serves many of the world's largest banks, insurers, retailers, and other leading brands, collectively responsible for more than $1.3 trillion in annual commerce.

About the Role:

As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients' high bar.

You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.

What you'll do:
Implement an application security program
Design and implement security automation and controls within CI/CD pipelines utilizing SAST, DAST and SCA tools
Collaborate on architecture reviews, threat modeling, and developer security training sessions to elevate AppSec maturity
Implement an infrastructure security program
Integrate and implement CSPM controls within a high scale cloud environment.
Own strategy for security in IAM, secret management and similar security-critical components
Own security training and review for DevOps teams.
Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
Own compliance processes within DevOps
Build and continuously improve SOC2 compliance processes and audit readiness tooling
Lead technical responses for internal and external audits, working closely with GRC, engineering, and cloud teams to resolve gaps and strengthen security posture.
What you'll need:
At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance, healthcare, crypto, security)
Experience managing SoC2 or ISO 27001 certifications.
Strong software development capabilities and application security knowledge.
Strong expertise in AWS, Google Cloud, and Azure security best practices.
Hands-on work with CI/CD, IAC, artifact repositories and related technologies (GitHub Actions, Jenkins, ArgoCD, JFrog, Terraform, CloudFormation)
Hands-on work with CSPM, SCA, SAST, secret scanning and similar tools (ORCA, Veracode, …)
Hands-on work with building automations and integrations around security tools.
Familiarity with SOC 2, ISO 27001, or NIST frameworks and 24x7 cloud security operations in regulated environments.