Lead Application Security Engineer
Newark, CA, United States
We are seeking a highly skilled Sr SecDevOps Engineer with a strong background in cloud software service management and application security to join our dynamic team. In this role, you will play a crucial part in ensuring the reliability, scalability, and security of our software systems and digital experiences. You will work closely with the cross-functional teams to protect Lucid Motors’ applications, systems, and data. You will focus on automating and improving the security aspects of our code development and deployment practices as well as leading the application security triage and prioritization processes.
Roles and Responsibilities:
Design, implement, and maintain infrastructure as code solutions for managing and protecting cloud resources, ensuring scalability, resilience and security
Contribute to the security hardening efforts and producing sensible baseline configurations for all key Lucid Motors’ systems
Lead the application security processes including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes
Work closely with the development teams to promote best application security practices
Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards including the remediation of the identified gaps in the security posture
Contribute to the bug bounty triage and remediation processes
Minimum Qualifications:
Bachelor's degree in computer science, Information Technology, or a related technical area
5+ years proven experience in DevOps, SRE, managing software service operations or related role
3+ years of experience in cloud environments. (AWS preferred)
Proficient in Bash, Powershell or other scripting languages.
Familiar with the Infrastructure as Code and “desired state” concepts including tools such as Terraform, Salt, Chef, Puppet etc
Knowledge of common attack vectors including OWASP Top 10
Experience in automating build and deployment infrastructure built on Kubernetes, Docker etc.
Experience in python programming or other shell scripting language
Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., git)
Excellent problem-solving and communication skills
Preferred Qualifications:
In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform)
Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, ensuring high availability and performance
Proficiency in application security assessments, penetration testing, red team, purple team
#J-18808-Ljbffr