Principal SecOps Engineer

Fooda


Date: Sep 23, 2022
City: Chicago, IL
Contract type: Full time
Who We Are:

We believe a workplace food program is something employees should love and look forward to every day. Powered by technology and a network of over 1,000 restaurants, Fooda feeds hungry people at work through our ongoing food programs located within companies and office buildings. Fooda operates in over 20 major US cities with plans for continued expansion. Eight out of ten employees believe Fooda is one of their company’s top perks.

Position Description:

The primary focus of the Principal SecOps Engineer is to maintain the security, technology, wellness, and integrity of Fooda. The ideal candidate will assist Fooda’s engineering team in building a comprehensive software ecosystem in addition to instituting a fully integrated and secure systems architecture available to Fooda and its clients. The Principal SecOps Engineer will support Fooda’s Engineering, DevOps, and Product Management organizations in developing a highly functioning application security program for proprietary and integrated, open source and 3rd party applications. This individual must demonstrate an aptitude for outstanding collaboration, technical knowledge, and accurate and timely deliverables, including advanced troubleshooting, support, proper scoping, resource documentation and timely communication of security compliance deliverables.

You will have:
  • Passion for Engineering, Technology and Information Security
  • B.S. Engineering / C.S. degree/SecOps, Security certification with equivalent experience
  • 2-5 years work experience supporting, deploying, automating security policies and scanning efforts
  • 3+ years of relevant SRE/SecOps, systems or software engineering experience; "relevant" being: Developing Internet-scale multi-user web/mobile/cloud type software products
  • Strong critical thinking and problem-solving skills that relate to application security
  • Demonstrable experience with Linux Systems Engineering and Automation - automation/configuration management using either Ansible, Puppet, Chef, Terraform, or an equivalent
  • Demonstrable experience of Cloud-based (i.e. AWS, Azure, etc.) services and API: AWS/Azure Certifications desirable
  • Relevant experience designing and rolling out scalable infrastructure using container orchestration systems like Docker and Kubernetes
  • Continuous Integration / Continuous Deployment practices and tooling
  • Knowledge of the OWASP top 10 and defensive coding techniques
  • Web technologies - HTTP, SSL/TLS, REST APIs
  • Streaming and database technologies such as Postgres, Kafka, Cassandra, and ElasticSearch desirable
  • Proven experience managing multiple projects and competing priorities in a fast-paced work environment
  • Knowledge of and experience with a wide array of application stacks
  • Ability to quickly learn and support new applications and technologies from an application security perspective
  • Ability to stay current with emerging security scanning technologies
  • Strong oral and written communications skills and emotional intelligence
  • Experience in monitoring, metrics collection and reporting using open-source tools is a plus
  • Experience working within an Agile development environment
What You Will Be Doing:
  • Producing value to the stakeholders by regularly shipping robust, high-quality features into the production environment
  • Securing the SDLC process via automation and security processes in CI/CD pipeline
  • Architecting and continuously improving infrastructure for cloud-based services and client interfaces
  • Contributing to SecOps, Operability, and Architecture Reviews with the team
  • Analyzing security systems, audits, and seeking improvements on a continuous basis
  • Developing, documenting, and maintaining SecOps implementation for the team
  • Integrating SecOps tools and services (code repository, artifact repository, source code analyzer, security scanning, testing tools, and an orchestrated integration and delivery platform) to enable automated application building, testing, and securing of our deployments
  • Creating and designing IaC solutions to promote services through the development, test, and production environments
  • Collaborating with team leads and management across the company to define shared capabilities
  • Communicating clearly and openly on incremental progress and informing the team of any help needed on impediments and roadblocks using the Agile methodology
  • Conducting technical Root Cause Analysis on vulnerabilities and identifying areas for further research, education, or testing
  • Creating proactive application security policies and procedures for scanning efforts
  • Collaborating effectively with stakeholders to complete our roadmap and priorities and deliver value
  • Working with customer/partner IT staff and cloud architects to build & maintain our environments
  • Leading CVE Vulnerability Triage meetings: track, assess, and document vulnerabilities
  • Working closely with DevOps team to ensure application security policies are updated and integrated with software deployment solutions
  • Leading teams through threat modeling exercises
  • Providing occasional on-call support and supporting customer meetings which may include irregular hours as needed
What We’ll Hook You Up With:
  • Competitive market salary and stock options, based on experience
  • Flexible PTO
  • Comprehensive health, dental and vision plans
  • Flexible spending accounts
  • Paid maternity and parental leave options
  • 401k matching
  • Company Issued laptop
  • Daily subsidized lunch program (ours!) and free food and beverages in the office
  • A fulfilling, challenging adventure of a work experience
Must be authorized to work in the United States on a full-time basis. No phone calls or recruiters please.
