Sr. DevSecOps Engineer

Job description

Here at Zivver, we empower businesses to secure their sensitive email communications. Not only do we offer security, we breathe security - it is our DNA. To strengthen our own security team, we’re looking for a security purist to take full ownership of Zivver’s security environment. 


As a DevSecOps Engineer at Zivver, you’ll be part of the Security team that is responsible for guarding our solution from various threats. It is our core job to protect the confidentiality, integrity and availability of data. Your job will be to prepare Zivver for cyber attacks, inside threats and bad luck. Together with your team, you will both be responsible for building security measures and executing them. Therefore, you’ll collaborate closely with the Engineering team, and integrate security into the way we work at every opportunity. Yes, this means automate as much as possible!


Zivver won’t be your everyday environment. Being in scale-up mode means we are not a fully operational Security Operations Center. But what’s the fun in that, right? There will be an (almost) blank canvas for you to position security in the business.  


Hot takes

  • There is only security when it is embedded security
  • There is no bigger security expert than you
  • If it ain’t automated, it ain’t fixed


A day in the life of Zivver

You just started your workday when a colleague in the engineering team asks if you could brainstorm with them on how to embed security in the development pipeline. That is interesting, so you quickly plan a meeting for later that morning because you first have to check out a few alerts which need investigating; there appears to be some suspicious behavior going on on the platform. You spend a couple hours on this and are relieved: it was a false alarm. Nevertheless, you found a few easy ways to improve the alerting which can be picked up later this week.


After lunch you have a look at the incoming vulnerability reports in HackerOne. There is one interesting report on a possible bypass of a rate limiter. The report turns out to be valid. You respond to the security researcher and create a follow up ticket for the engineering team.

In the afternoon you attend the Security Core in which the security team comes together to discuss ongoing security concerns. You present the insight you gained by improving the intrusion detection tooling. The team is happy with the progress and asks some critical questions, and you leave feeling motivated and eager to continue working on this. 


For the last hour of the day you start investigating the best ways to improve your visibility on the vulnerabilities in the containers and create actionable output for the engineering teams. You want to make sure you have some good ideas before the brainstorm session with the Head of Security and the DevOps team tomorrow. After work, you head to the Hummingbar for a beer and get ready for the Hackathon that you have planned for the evening.  


Responsibilities

  • Together with the Head of Security and one other security engineers you will be responsible for improving the security operations of Zivver
  • You’ll implement ways to prevent, detect and respond to threats
  • You’ll keep full control over technical vulnerabilities in our entire suite of products
  • You’ll administrate and operate monitoring and detection systems
  • You’ll share insights on the technical risk levels of Zivver with the ISO and management.
  • You’ll advise the engineering and internal IT team on security best practices
  • You’ll increase security awareness and knowledge for your colleagues
  • You are the first responder to threats


Benefits

  • An exciting, fast-growing, energetic environment
  • International diverse team with over 27 nationalities - and yes, we offer Dutch classes too!
  • HQ in Amsterdam where you’re able to work a few days a week & full home office support to make sure you’re all set
  • Working from Bali, the US or Spain? Any place, anywhere: we fully support temporary working from X
  • At least €1.000,- per year on personal development budget
  • All the relocation benefits you need for a fresh start
  • Don’t worry about tomorrow: we’ve got you covered with a pension plan


Requirements

  • 5+ year experience as a security engineer

  • Blue team experience – you know how to hold the fort

  • You’re experienced with a cloud-based infrastructure, preferably AWS & containers

  • You’re experienced with vulnerability management

  • You have experience with threat management and intrusion detection

  • You have experience with SIEM products

  • You have worked with a Java ecosystem

  • Knowledge of security in the CI/CD pipeline

  • You’re a self-starter, but know how to involve your stakeholders

  • Ethical hacking experience and certifications is a plus

If you’re still reading and excited about this role, we welcome your application, even if you think you don’t meet all the requirements. We understand that no candidate is perfect, and would love to hear your story.