About The Position
Fireblocks is a leading digital assets infrastructure provider for some of the biggest financial institutions in the crypto space. Fireblocks’ SaaS platform is used by hundreds of customers for conducting their robust financial operations on the platform
DevSecOps position will focus on developing, implementing, and supporting CI/CD security methodologies, tools, and guardrails for multiple teams across the company. The candidate must have a good grasp of modern software development and security practices and how they fit in with building a robust DevSecOps pipeline. This position requires a background in security solutions such as IaC, xAST, Container Security, SCA, API Security, and infrastructure development in multiple cloud environments.
The candidate should be able to forge productive working relationships with a wide variety of teams and be able to effectively document and communicate the processes and practices needed for a successful secured CI/CD and SSDLC workflows. Identify and implement security improvements and tools across multiple public clouds utilized in the delivery of the company’s customer-facing products and corporate applications. Implement secure practices, defense-in-depth, application monitoring, and event response tool sets to handle growing threats in the cloud. Work closely with DevOps, DBAs, Systems, and Network engineers to refine and enforce security practices.
Experience using version control tools (Gitlab preferred)
Experience using automation tools such as Bash, Python, Terraform, Ansible, and Gradle
Experience using Gitlab to develop CI/CD pipelines for automated build/test/deployment
Experience integrating security tools into CI/CD pipelines
Strong written and oral communications skills
Provide technical guidance and implementation support to multiple developer teams in multiple environments working
to establish, maintain, and secure CI/CD pipelines.
Support developers in the use of source control, build automation, continuous integration, security, testing automation and deployment automation.
Strong understanding of serverless technologies and security implications deployed in public cloud – AWS Lambda, Containers (EKS, Kubernets), etc.
Container and Kubernetes – Securing container images at rest, build, and runtime.
Experience deploying automated security tooling in CI/CD pipelines.
Infrastructure as Code (IaC) – Ansible, Terraform, Chef, AWS Cloudformation, etc.
Scripting languages such as Python, GoLang, Ruby, etc.