DevSecOps Software Engineer

You will architect, design and implement Emma's technology platform, supporting our ambitious business growth. You will improve the existing cloud-based (AWS) CI/CD enabling a seamless and secure software development experience that empowers tech product teams to autonomously deliver working increments of software and self-operate them (‘you build it - you run it' approach). You will implement infrastructure tasks abstraction for software developers in Infrastructure-as-Code fashion using Pulumi. You will implement comprehensive infrastructure and application monitoring/logging, error detection and countermeasure automation. You will drive continuous and secure delivery practices (deployment automation, trunk-based development, test automation, test data management, .... You will fully own, i.e. develop, maintain and operate (full DevOps) your team's tech stack. You will be a team player as part of an agile, empowered team and contribute to the development of fellow software engineers. You will ensure that information security is integrated into all aspects of the software development lifecycle, including but not limited to: o Active scanning for bad coding practices, e.g. credential spilling to code repository o Integration of code quality analysis in CI/CD processes (i.e. automated scanning for ‘code smells') o Tracking and enforcing application of relevant standards, such as OWASP top 10 o Frequent monitoring of relevant security bulletin / notifications (i.e. CVE scanning) o Checking and updating of used 3rd party dependencies (immediate after CVE severity 7 and higher reports) o Security monitoring, detection, and response o Regular performance of internal and/or external Information-Security checks (e.g. security audits, vulnerability/bug bounties, penetration testing, game days, ...) o Planning & testing of crisis reaction practices in case of cyber-attack incidents

What you'll do:

• You will architect, design and implement Emma's technology platform, supporting our ambitious business growth.
• You will improve the existing cloud-based (AWS) CI/CD enabling a seamless and secure software development experience that empowers tech product teams to autonomously deliver working increments of software and self-operate them (‘you build it - you run it' approach).
• You will implement infrastructure tasks abstraction for software developers in Infrastructure-as-Code fashion using Pulumi.
• You will implement comprehensive infrastructure and application monitoring/logging, error detection and countermeasure automation.
• You will drive continuous and secure delivery practices (deployment automation, trunk-based development, test automation, test data management, ....
• You will fully own, i.e. develop, maintain and operate (full DevOps) your team's tech stack.
• You will be a team player as part of an agile, empowered team and contribute to the development of fellow software engineers.
• You will ensure that information security is integrated into all aspects of the software development lifecycle, including but not limited to:
o Active scanning for bad coding practices, e.g. credential spilling to code repository
o Integration of code quality analysis in CI/CD processes (i.e. automated scanning for ‘code smells')
o Tracking and enforcing application of relevant standards, such as OWASP top 10
o Frequent monitoring of relevant security bulletin / notifications (i.e. CVE scanning)
o Checking and updating of used 3rd party dependencies (immediate after CVE severity 7 and higher reports)
o Security monitoring, detection, and response
o Regular performance of internal and/or external Information-Security checks (e.g. security audits, vulnerability/bug bounties, penetration testing, game days, ...)
o Planning & testing of crisis reaction practices in case of cyber-attack incidents

What we are looking for:

• You have experience designing and implementing security controls for cloud infrastructure
• You stay current with industry trends and new technologies to improve security processes and procedures continuously.
• You have participated in incident response and post-incident (post mortem) review processes.
• You have experience developing and maintaining security documentation and policies.
• You have several years of proven experience in software and infrastructure operations and incident management (24/7), ideally in an E-commerce business.
• You have a deep understanding of DevOps and SRE practices.
• You have experience in CI/CD (GitHub, or similar) solutions and cloud infrastructure virtualization with Kubernetes & Docker.
• You have experience with Infrastructure as Code (Pulumi, Terraform or similar).
• You have good experience in infrastructure automation coding using scripting (Shell, Python or equivalent).
• You have good experience with Linux-based servers. (EC2, Beanstalk, Kubernetes).
• You have good experience with public clouds, ideally AWS (network, firewall, databases, etc.).
• You have good understanding of ISO/OSI networking protocols (TCP/IP, DNS, HTTP, etc.).
• You have experience working with encryption and/or cryptography technologies such as TLS, HTTPS, etc.
• You have an extensive experience in Pentesting and/ or incident response.

This is what we offer:

• A combination of personal and company growth to accelerate your career and help you reach your goals.
• The chance to work on exciting and challenging projects either independently or as part of a dedicated, international team.
• A big focus on Team building (e.g., hosting face-to-face events, virtual book clubs, virtual hangouts etc.)
• Responsibility and decision-making authority from day one—you'll create an impact with new, innovative ideas and help shape our company DNA.
• To work and learn from experts in diverse fields and get to know your team members at exciting company events.

Become an Emmie Emma is transforming the world of sleep - and we want the highest-performing people to help us pull it off. We want you. But only if you're willing to go all in. Only if you're willing to question, disrupt, innovate, and create from the ground up. We proudly celebrate diversity. We are an equal-opportunity employer committed to promoting inclusion in our workplace. We consider all qualified applicants for employment without regard to race, ethnic origin, religion or belief, gender, gender identity or expression, sexual orientation, national origin, disability, or age. Our aim is to get back to you in a couple of days, however, we are currently receiving a large number of applications and this might lead to a delay in the process. We will get back to you as soon as possible!