DevSecOps

Remote

The company you’ll join

Evercast is the first real-time collaboration platform built for creatives by creatives. It combines video conferencing, HD live-streaming, and full-spectrum audio in a single web-based platform. No matter where in the world they're located, users can securely stream any creative workflow with ultra low latency and uncompromising quality. With features made specifically to facilitate creative collaboration, Evercast offers a digital experience that mirrors the ease and productivity of a team sitting shoulder-to-shoulder.

A recipient of the 2020 Engineering Emmy award, Evercast is trusted by major Hollywood studios, including Netflix, Warner Bros, HBO, and Sony Pictures -- as well as industry-leading creative agencies such as BBDO and Hogarth International. Each and every day, thousands of creative professionals use Evercast to collaborate remotely with their teams.

About the role

Our clients demand stringent security practices and we’re looking for someone who can ensure our web app is impregnable. We need an outstanding web application security engineer who isn't afraid of tackling exciting challenges in the world of real-time streaming, collaboration, and peer-to-peer networking. You will be working primarily on our core product.

The work you’ll do

As a Sr. DevSecOps Engineer, you will be a key member of our fast-growing engineering team. You will help build, maintain, and scale our production platform. You will work closely with the development and operation teams to help identify areas of opportunities and work on key initiatives to meet company goals.

A candidate must have demonstrated previous experience building and supporting scalable SaaS and platform-based systems. Alongside the day-to-day work, you will be a key part of growing the engineering and company culture from an early stage.

  • Primary Functions:
  • Be the Subject Matter Expert of the technical requirements in compliance programs. (NIST, SOC2, PCI)
  • Collaborate with InfoSec to identify security improvements and develop a roadmap to implement the improvements using automation and DevOps tools.
  • Build and maintain secrets management infrastructure and integrations.
  • Develop and maintain client libraries to integrate DevSecOps tools.
  • Develop OPA/TF_Sec policies for HashiCorp Terraform.
  • Maintain, mature, and audit security processes in our code and infrastructure.
  • Automate and codify supporting security systems in all phases of the SLDC.
  • Participate in compliance audits as security SME.
  • Mentor junior team members and co-workers on security best practices.
  • Create and document standardized processes, procedures and policies.
  • May need to work off-hours in response to production issues or high impact system changes

What we’re looking for

  • Demonstrated AWS experience and/or AWS Associate Level Certification
  • Experience with AWS security and infrastructure best practices.
  • Experience with compliance programs such as NIST, SOC2, and/or PCI.
  • Experience with Kubernetes and securing container workloads.
  • Experience with the infrastructure automation tools HashiCorp Terraform and AWS CloudFormation.
  • Experience with security automation tools like HashiCorp Vault, SOPS, AWS KMS, SSM,
  • Secrets Manager, AWS Inspector.
  • Experience with a programming language such as python, nodejs, go, or java
  • Experience with networking concepts, terminology, and configuration
  • Experience with PKI infrastructure, authentication protocols like OIDC, OAuth, and SAML.
  • The ability to communicate with technical and non-technical co-workers, at all levels of the org chart
  • Demonstrated experience with secure software development practices - AppSec -
  • Security and/or regulatory experience desired, OWASP 10 and Web Application Security
  • Experience with Threat modeling, risk assessment techniques, code reviews, and with the latest security best practices
  • emonstrated experience with automated security tools for SAST, SCA, DAST, IAST governance and scanning
  • Experience with cloud-based security management/IDS/IPS/SIEM tools, such as Splunk,
  • Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, etc.
  • Life-long learner - always looking to stay up to date with latest attack vectors, vulnerabilities, remediation and protection paradigms, etc.

We take care of our team

We strive to have parity of benefits across regions, and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Mission driven: We are not just another startup — we’re a group of passionate individuals who truly care about creatives. We believe that creativity brings people together from around the world, and our software exists to facilitate creatives working together, no matter where they are.
  • Impact: We are making a huge impact in the lives of creatives. We encourage every employee to push the envelope. Our best ideas come from out-of-the-box-thinking and innovation.
  • Compensation: Competitive pay based on the work you do, not your previous salary.
  • Benefits + Perks: 100% remote, top-tier health insurance, unlimited paid time off, generous procurement program, and more.

We value diversity

Evercast is committed to creating and nurturing an environment where anyone can be their authentic self. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, national origin, age, physical and mental disability, health status, marital and family status, sexual orientation, gender identity and expression, military and veteran status, and any other characteristic protected by applicable law.

Apply for this role

Uploading...
fileuploaded.jpg
Upload failed. Max size for files is 10 MB.
Uploading...
fileuploaded.jpg
Upload failed. Max size for files is 10 MB.
DevOps
DevSecOps
YN4FU7pxnGRMapUD
Thank you for applying!
Oops! Something went wrong while submitting the form.