Security DevOps Engineer

Security DevOps Engineer This role requires the individual to balance the needs of the businesses and available resources while developing and implementing solutions to secure the company. We expect the person in this role to apply cyber security industry best practices (NIST, CSA, OWASP, ISO) to evolve existing processes and technology at the pace of the business growth. You will be working with members across the enterprise, including technology, product, finance, and other parts to understand their current cyber security state, then identifying gaps and engineering solutions to align with the security program initiatives. You will own both the engineering, implementation, and documentation functions related to security. You will also work closely with the IT Support and System Reliability Engineering (SRE) teams to operationalize the solutions for the endpoints, infrastructure, and cloud services.The candidate will be responsible for engineering and implementing this company's Cyber Security program initiatives. This critical role ensures their data is protected from unauthorized access and disclosure. They believe safeguarding their customers' and partners' information is more than just checking a box for compliance reasons; they believe it's the right thing to do.Full Time Position, 145k-155k DOE, remote flexible to LOCAL candidates in the DC Metro Area.

• • Collaborate with business and technical members across to the enterprise to understand the current cyber security state
  • Identify gaps between existing controls and Xometry's cyber security roadmap
  • Engineer the solutions (processes, technologies) to mitigate the control gaps
  • Present the proposed solutions to the Senior Information Security Officer
  • Document and implement the new security controls
  • Collaborate with IT Support and Site Reliability Engineering (SRE) to operationalize the controls
  • Develop FAQ/Wiki to communicate new security capabilities to the enterprise
  • Take part of on-call rotation to triage any potential security incidents

• • In-depth knowledge of cloud technology and security (AWS, Terraform)
  • In-depth knowledge of CI/CD tools (DAST, SAST, Gitlab)
  • In-depth knowledge of information security best practices (NIST, CMMC, CSA, OWASP, ISO)
  • Knowledge of application security (static analysis, dynamic analysis, automated testing)
  • Knowledge of operating systems (Linux, Windows)
  • Knowledge of virtualization technologies (Docker/Kubernetes)
  • Knowledge of scripting languages (Powershell, bash)
  • Curiosity and passion for all things security and technology related
  • Willingness to ask for as well as provide help when needed
  • Strong verbal/written communication and presentation skills, including an ability to effectively communicate with both business and technical teams
  • Ability to influence others, strong attention to detail, excellent organization skills, and ability to time manage multiple projects

• • Health, dental, vision & life insurance coverage
  • 401(k) and company match
  • Paid time off
  • You'll be surrounded by a collaborative team that is working together to reshape the future of manufacturing
  • We move fast and experiment across the organization, and we aren't afraid to try new things
  • We invest in growing our people - personally and professionally
  • Competitive base salary & equity plan