DevSecOps

Transmit Security gives businesses the modern tools they need to build secure trusted and end-to-end digital identity journeys to innovate and grow.

CX-focused cybersecurity conscious leaders rely on Transmit Securitys xCIAM platform to provide their customers with smooth experiences protected from fraud across all channels and devices.

Transmit Security serves many of the worlds largest banks insurers retailers and other leading brands collectively responsible for more than $1.3 trillion in annual commerce.

About the Role:

As a DevSecOps engineer you will be a part of our DevOps group and play a critical role in designing and implementing application and infrastructure security programs that will make sure that our systems continue to be secure and compliant with our clients high bar.

You will work closely with developers and DevOps engineers to help identify and remediate application and infrastructure security issues.

What youll do:

• Implement an application security program
• Design and implement security automation and controls within CI/CD pipelines utilizing SAST DAST and SCA tools
• Collaborate on architecture reviews threat modeling and developer security training sessions to elevate AppSec maturity
• Implement an infrastructure security program
• Integrate and implement CSPM controls within a high scale cloud environment.
• Own strategy for security in IAM secret management and similar security-critical components
• Own security training and review for DevOps teams.
• Orchestrate execution of penetration testing on infrastructure and application and a bug bounty program
• Own compliance processes within DevOps
• Build and continuously improve SOC2 compliance processes and audit readiness tooling
• Lead technical responses for internal and external audits working closely with GRC engineering and cloud teams to resolve gaps and strengthen security posture.

What youll need:

1. At least 3 years of experience in Application Security and Infrastructure Security in a SaaS company operating in a highly regulated market (finance healthcare crypto security)
2. Experience managing SoC2 or ISO 27001 certifications.
3. Strong software development capabilities and application security knowledge.
4. Strong expertise in AWS Google Cloud and Azure security best practices.
5. Hands-on work with CI/CD IAC artifact repositories and related technologies (GitHub Actions Jenkins ArgoCD JFrog Terraform CloudFormation)
6. Hands-on work with CSPM SCA SAST secret scanning and similar tools (ORCA Veracode )
7. Hands-on work with building automations and integrations around security tools.
8. Familiarity with SOC 2 ISO 27001 or NIST frameworks and 24x7 cloud security operations in regulated environments.