Our team is looking for an experienced Security DevOps engineer in AWS to join us. Our group is diverse and tight knit. We use open-source tools, build AWS environments, and deploy web services like GoPro Subscriptions ecosystem that serve millions of GoPro customers. We use tools like Linux, GitHub Actions, Puppet, Terraform, Redis, PostgreSQL, and Nginx. We automate in Python, Ruby, and bash. Our security suite includes AWS Guard Duty, AWS Config, AWS Inspector, AWS Shield, WAF, and Security Hub.
The Security Engineering role embraces DevOps practices to protect the integrity of our cloud-based systems and customer data. You will automate security solutions across the stack, participate in the SDLC at each phase, provide best-practice guidance, and deliver security-related roadmap milestones. In this role, you will be embedded with the Engineering organization and participate in project planning, implementation, and day-to-day tactical support of software and infrastructure engineers. You will also serve as a key liaison to the company-wide Information Security organization.
We use agile sprint models to support several dev teams that build web services and front-end components. We actively iterate our processes with input from the team. We also run our own projects related to infrastructure, automation, monitoring, continuous integration, and internal tools. We're a services organization with a service-oriented mindset. Our job is to increase dev velocity and ensure stable and secure production systems.
What You’ll Do
- Define requirements for and implement CI/CD pipeline components related to security configuration and validation;
- Participate in SDLC code review process to identify cloud configuration security risks;
- Contribute to codebases including Infrastructure-as-Code, configuration management, developer tooling, and application configuration;
- Coordinate Engineering-wide standards and processes related to secure cloud configurations, secrets management, authentication, data security;
- Regularly review existing tools such as AWS Trusted Advisor to identify and rank security risks;
- Gather requirements for the selection and implementation of 3rd party and AWS-provided security solutions;
- Focus on developing solutions for Disaster Recovery of the infrastructure;
- Participate in security incident response processes as required, including root cause analysis (RCA);
- Partner with Information Security staff on company-wide security initiatives;
- Own and maintain the Web Scanning initiatives;
- Participate in internal and external security audit activities;
- Contribute to our bug bounty program;
- Perform penetration testing on our platform and contribute to developing solutions;
- Developing threat and vulnerability detection techniques for GoPro’s cloud platform.
Skills We’re Excited About:
- 3-5+ years experience working in an agile software development environment in a development, security, or operations role;
- Bachelor’s degree in Computer Science or a related field;
- Intermediate to advanced AWS experience in the areas of Identity and Access Management (IAM), Networking, Compute, Storage and DevOps;
- Proficient in Python, Ruby, or a similar programming language;
- Solid understanding of Linux OS fundamentals;
- Working knowledge of host-based security telemetry and SIEMs;
- Excellent communication skills. Comfortable driving design discussions, incident responses and interacting with senior leadership;
- Preferred: experience with CI/CD workflows, containerized deployments, and network-layer security.
- Live it. Eat it. Love it. – Two dedicated hours during your week to explore your passions and capture it with your GoPro;
- Get your very own GoPro camera + gear;
- Competitive salary and discretionary annual performance-related bonus;
- Gym fee compensation;
- Discounted employee stock purchase plan;
- Professional + personal development opportunities, i.e. LinkedIn Learning;
- Opportunities to get involved in the causes that you care about (annual camera donation + volunteer events);
We strive for the day that no group can be described as underrepresented at GoPro – whether as part of our brand or in our workforce. We are committed to providing a more inclusive, representative, equal, just, and happy world. GoPro is proud to be an Equal Opportunity Employer.
#flexible #DevOps #DevSecOps #AWS #Cloud #InfoSec #AppSec