TIP: Senior Security Ops Engineer at Upwork
Upwork ($UPWK) is the leading tech solution for companies looking to hire the best talent, maintain flexibility, and get more done. We’re passionate about our mission to create economic opportunities so people have better lives. Every year, more than $2 billion of work is done through Upwork by skilled professionals who want the freedom of working anytime, anywhere. Top companies connecting with extraordinary talent around the globe? Upwork is how.
This position is through Upwork’s Talent Innovation Program (TIP). Our TIP team is a global group of professionals that augment Upwork’s business. Our TIP team members are located all over the world.
If you view DevOps automation and security as mutually exclusive activities, this role is for you. Come join our Operations Engineering team at Upwork as a cloud operations security engineer with whom DevOps automation is second nature. This is a hands on role and the ideal candidate is experienced with the security realm, has executed DevOps automation, and is proficient in AWS cloud technologies. In this role, you’ll partner with our InfoSec team and Cloud Engineering to make recommendations, automate security controls, lead projects and find innovative ways to secure our production environment and CICD pipeline.
- Work with the InfoSec team, Cloud Engineering and application developers to automate key security tasks and embed security controls and processes within teams workflows
- Lead security efforts and projects within Operations Engineering, implementing and maintaining a variety of security tools focused on cloud (AWS) environments
- Coordinate with Information Security, Trust and Safety and internal DevOps & Application teams to assure designed frameworks and solutions are aligned with security and compliance requirements
- Develop and implement security in CI/CD flow
- Implement test automation to assure application is tested for security in the backend, UI, and integration before it is moved to the production environment
- Participate in security incidents and provide audit & certification support as needed
- Communicate effectively to help the team and stakeholders understand security issues and solutions as well as continuous delivery/Cloud concepts
- Engineer, implement and monitor security measures and remediation tooling for the protection of our production environment
- Implementation and ongoing execution of a program for proactive testing, patching and remediation of vulnerabilities within documented SLOs
- Maintain strong awareness of events in the external community to identify threats and opportunities for enhancement. Partner with InfoSec to apply those learnings to design, prioritize and implement solutions
Must Haves (Required Skills):
- 5 years of experience in DevOps, software development, infrastructure or architecture disciplines within a cloud environment with 2-5 years experience in Security operations, compliance or risk management
- Strong understanding of cloud primitives such as VPC, IAM Policy, KMS, WAF
- Proficiency in scripting using Ruby, Python, Bash, etc.
- Experienced with Chef/Puppet, Terraform, Jenkins, Git
- Experienced with Docker/Kubernetes/Helm
- Able to work full time with a 4 hour overlap during Pacific Standard time hours
Nice to Haves (Not Required):
- Familiarity with IT Security Frameworks such as SOC2, SOX, PCI, etc
- Extensive Knowledge and Hands on Skills with Docker and Container Security Tools
- Third party ecosystem tools for compliance and security
- Expertise in Data Protection, Compliance Validation, Vulnerability Analysis, Network Security, Infrastructure Security, Identity and Access Management, Logging and Monitoring, Incident Response, Resiliency
Upwork is proudly committed to fostering a diverse and inclusive workforce. We never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.