Kaseya® is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide powered by AI. Kaseya’s best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners www.insightpartners.com), a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.
Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to www.Kaseya.com and for more information on Kaseya’s culture.
Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers.

DEVSECOPS ENGINEER JOB DESCRIPTION

Kaseya is seeking a DevSecOps engineer to execute security initiatives across the enterprise. This person is a technical contributor who will build and maintain infrastructure focused security solutions. This individual will be responsible for planning, coordinating, and executing initiatives that improve the security posture of Kaseya. To fulfil the job requirements, maintaining relationships between other departments is a must, including Information Security and Software Engineering.
An ideal candidate for this role is a DevSecOps Engineer with a passion for security. This person must have effective communication and project management skills. An ideal candidate would also need the ability to work autonomously and have a mind and motivation for continuous improvement.
The individual will work on a wide variety of interesting technical problems, operate at scale in an environment with over an exabyte of data, have opportunities to green field solutions, and operate with both autonomy and empowerment from senior leadership.

KNOWLEDGE & EXPERIENCE

• Familiar with cloud platforms such as AWS, Azure DevOps, OpenStack and GCP. Understand how to secure cloud resources and how to integrate security into cloud-based applications.
• Experience with provisioning and automation using tools like Terraform, CloudFormation, Ansible, Puppet and OpenStack.
• Familiar with Continuous Integration/Continuous Deployment (CI/CD) Tools like AzureDevOps, Jenkins, CircleCI, GitLab, Travis CI.
• Experience with Security tools and concepts used in all processes from SDLC to pipeline deployment. Technologies include SAST, DAST, Linting, Secret Scanning, Pipeline job templating, repo management.
• Familiar with Source Code Management (SCM) tools like AzureDevOps, Bitbucket, GitHub, GitLab. Understand how to configure these tools to automate the testing and deployment of code while integrating security measures.
• Familiar with containerization technologies including Docker, PodMan, OpenShift and Kubernetes.
• Experience with infrastructure vulnerability scanners such as Nessus, Qualys, or OpenVAS. Understand how to use these tools to identify and remediate vulnerabilities in applications and infrastructure.
• Familiar with logging, SIEM and metrics tools such as Splunk, ELK Stack, Prometheus, Grafana, Kubernetes Logging,etc.
• Experience with programming languages such as Bash, Python3, Ruby, Golang and PHP. They should be able to write code to automate security processes and integrate security into the overall development process.
• Familiar with encryption and key management tools: AWS KMS, Azure Key Vault, Google Cloud KMS, Hashicorp Vault, Kubernetes Secret Management
• Experience Identity and Access Management (IAM): Okta, AWS IAM, Azure Active Directory, SAML
• Familiar with code analysis tools like Linters, SonarQube, Snyk, Checkmarx, StackRox, etc.
• Experience with web application firewall (WAF) tools on prem and in cloud, and assisting in tuning them on a per application basis.

GENERAL QUALIFICATIONS AND EXPERIENCE

• Experience with driving cross-organizational changes.
• Default security-focused mindset.
• Ability to work effectively under pressure in a fast-paced environment.
• Good troubleshooting instincts and the ability to quickly triage / perform root-cause analysis.
• The desire and capability to see a problem through to completion.
• Ability to quickly acquire new skills and thrive in a team-based environment.
• Agility in an environment that requires rapid iteration and pivoting.
• Professional, courteous, and positive attitude.
• Great Project management skills with the capability to manage concurrent initiatives.
• Five plus years of experience with CI/CD platforms.
• Three plus years of experience securing applications via CI/CD pipelines leveraging static code analysis, unit and integration testing, dependency analysis, etc.
• Three plus years of experience performing threat and security design reviews.
• Three plus years of experience with containers.
• Three plus years of experience as a Software Engineer developing and maintaining an application.
• Five plus years of experience with Linux administration (full stack or DevOps experience counts).

• Security Testing and Analysis: performs regular security testing and analysis to identify vulnerabilities in the software development process. This includes conducting code reviews, penetration testing, and vulnerability scanning.
• Secure Infrastructure: ensures that the infrastructure used by the development team is secure. This includes configuring secure servers, monitoring security logs, and ensuring that security protocols are followed.
• Security Compliance: ensures that the development process adheres to security compliance standards, such as PCI-DSS, HIPAA, and GDPR.
• Security Automation: automates security processes, such as vulnerability scanning and code analysis, to ensure that security is integrated into the development process from the beginning.
• Security Education and Training: provides education and training to the development team to ensure that they are aware of security best practices and can implement them in their work.
• Incident Response: responds to security incidents, such as data breaches or cyber-attacks, by investigating and remedying the issue.
• Risk Assessment: performs risk assessments to identify potential security threats and develops mitigation strategies to reduce the risk of security breaches.
• Collaboration: works closely with the development team, operations team, and security team to ensure that security is integrated throughout the deployment process.