Senior DevSecOps Engineer

Ready to be a part of the joy? Explore more about the Senior DevSecOps Engineer role below and apply today!

As a Senior DevSecOps Engineer you will be contributing to the overall design and direction of eCommerce Security Engineering across all our applications. This role is responsible for building platforms and frameworks to create consistent, verifiable, and automate management of applications and infrastructure between non-production and production environments. Guiding a team of DevOps Engineers, you will drive the design and automation of processes to support the CI/CD of digital technology, enterprise systems, microservices applications, and database services. You will also provide guidance or implement mitigation to address discovered abuse patterns using modern security tools and work with developers and performance engineers to help secure the solution.

This role is critical for developing and maintaining the security posture of digital commerce applications. You will be responsible for identifying and implementing security principles and best practices to ensure application security. Your tasks will include vulnerability scanning, creating processes for analyzing web traffic to identify abuse patterns, and addressing the impact of non-human HTTP traffic on performance and security by applying blocks, rate limits, tarpits, or other remediation methods.

This full-time position reports to the Director of Quality Assurance and has been categorized as a teleworker position. Teleworkers do not have a permanent corporate office workplace and, instead, work from home. To ensure sufficient overlap with functional and cross-functional team members globally, some flexibility with this role's regular work schedule will be required. Most of our teams have overlap with early morning and/or early evening PST. Specific scheduling needs for this role will be discussed in the initial interview.

What you’ll do:

• Provide guidance to a small team, defining tasks aligned with common goals, and fosters the professional development of team members through active discussion, feedback, coaching, and mentorship 
• Ensure direct and regular engagement with product/software development and infrastructure teams to achieve security compliance and security requirements within the organization
• Identify and address data security issues, provide secure coding guidance, assess vulnerabilities, and ensure regulatory compliance (PCI-DSS, HITRUST, NIST, SOX, SOC). Provide security guidance on infrastructural designs and organize numerous risk assessments to identify and eliminate application/product threats
• Automate software maintenance for CI/CD pipeline applications like Jenkins and SonarQube
• Implement and maintain cloud-based solutions on public cloud
• Partner with software engineers and QA team to automate and streamline our operations and processes
• Stay up-to-date on the latest DevSecOps trends and technologies and propose new solutions for continuous improvement

What you bring to the table:

• Minimum of four (4) years relevant experience in designing and building frameworks and tools  
• Experience in the design and implementation of fully automated Continuous Integration, Continuous Delivery, Continuous Deployment pipelines and DevOps processes for Agile projects
• Knowledge of IP networking, VPN's, DNS, load balancing and firewalls
• Experience with monitoring and log aggregating frameworks such as Kafka, Logstash, Splunk, ElastiSearch, NewRelic, and Kibana
• Experience implementing and designing cloud-native security concepts, DevSecOps or MLOps
• AWS/Azure Certification(s) such as Solutions Architect Pro, DevOps Engineer Pro, SysOps Admin, Developer Associate
• Experience in systems automation, orchestration, deployment, and implementation, as well as experience with scaling distributed data systems
• Hands-on experience with microservices and distributed application architecture, such as containers, Kubernetes, and/or serverless technology
• Ability to work with offshore teams & development partners

Location and Travel: At Balsam Brands, we believe that time spent together, in-person, collaborating and building relationships is important. To be considered for this role, it is preferred that candidates live within the Mexico City, Guadalajara, or Monterrey metropolitan areas in order to attend occasional team meetings, offsites, or learning and development opportunities that will be planned in a centralized location. Travel to the U.S. may be required for companywide and broader team retreats.

Notes: This is a full-time (40 hours/week), indefinite position with benefits. Candidates must be Mexican nationals to be eligible for this position; this screening question will be asked during the application process.  Velocity Global is the Employer of Record for Balsam Brands' Mexico City location, and you will be employed and provided benefits under their payroll. Balsam Brands has partnered with Velocity Global to act as your Employer of Record to ensure your employment will comply with all local laws and regulations and you will receive an exceptional employment experience.

• Check out our flagship brand, Balsam Hill: www.balsamhill.com
• Balsam Brands in Forbes: https://bit.ly/balsambrandsforbes2023 
• LinkedIn: http://www.linkedin.com/company/balsam-brands
• Glassdoor: https://bit.ly/balsambrands-glassdoor

Benefits Offered:

• Competitive compensation; salary is reviewed yearly and may be adjusted as part of the normal compensation review process
• Career development and growth opportunities; access to online learning solutions and annual stipend for continuous learning
• Fully remote work and flexible schedule
• Collaborate in a multicultural environment; learn and share best practices around the globe
• Government mandated benefits (IMSS, INFONAVIT, SAR, 50% vacation premium)
• Healthcare coverage provided for the employee and dependents
• Life insurance provided for the employee
• Monthly grocery coupons
• Monthly non-taxable amount for the electricity and internet services 
• 20 days Christmas bonus
• Paid Time Off: Official Mexican holidays plus Maundy Thursday, Good Friday and Dia de Los Muertos; 12 vacation days (increases with years of service); plus additional wellness days available at start of employment 

All your information will be kept confidential according to EEO guidelines.