DevSecOps Engineer

Full Time
Opening date
Closing date
20 Nov 2021

Vroom is an innovative end-to-end ecommerce company that is revolutionizing the car buying experience. Our scalable, data-driven technology brings all phases of the vehicle buying and selling process to consumers wherever they are and offers an extensive selection of vehicles, transparent pricing, competitive financing, and contact-free, at-home pick-up and delivery. We have experienced tremendous growth and have become a disruptive force in the automotive industry. Vroom is an exciting, dynamic workplace, and there’s no better time to join the team than right now.

We are seeking a DevOps Security Engineer (i.e. DevSecOps) to work closely with our product teams in advancing platform capabilities in a secure manner. Reporting directly to the Director of Product Security, this individual will collaborate with cross-functional development, application & cloud development teams, consulting on security best practices and investigating, architecting, designing, and implementing new application build, test, release, and delivery solutions securely. This includes adding new features and functions to existing solutions, which meet Vroom’s business needs while ensuring security is a component of product quality.

You will:

  • Work with the product, devops, and other teams to identify the right security architecture for implementing new solutions, products and features. Help develop, implement and support product security strategy.
  • Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture.
  • Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc.).
  • Support security initiatives and serve as a point of contact to build and securely scale cloud platforms.
  • Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks.
  • Present strategies, project plans and more to cross-functional teams, delivering risk management solutions that add value.
  • Analyze computer security incidents and recommend appropriate measures to respond to computer security incident activity.
  • Support the development of standards by creating templates and patterns that ease use and increase the productivity of the security program.

About you:

  • You are a hands-on engineer who leads by doing.
  • You have experience in building and releasing infrastructure-as-code (IAC) in a controlled environment with an understanding of full lifecycle configuration management.
  • You can leverage DevOps/DevSecOps tools to build, harden, maintain and instrument a comprehensive cloud-based security orchestration platform to be consumed in product CI/CD pipelines (Kubernetes, Terraform, SAST, DAST).
  • You have a grasp of application security.
  • You have the ability to multitask and prioritize multiple issues.
  • You are expected to work with various multi-disciplinary teams, so it is vital that you are a team-oriented individual with priority on the successful completion of group goals.
  • You foster and build a community of practice for collective learning of the security tools, practices, and systems across all disciplines.

You have:

  • 5 years' industry experience with at least 2 years' experience in DevOps automation and tooling.
  • Familiarity with both automated (i.e. SAST, DAST, SCA, etc.) & manual testing activities (i.e., Penetration Testing).
  • Experience with cybersecurity domains including threat modeling, role-based access, OS hardening, vulnerability management, penetration testing, privacy, web applications, mobile applications, and cloud security.
  • Strong understanding of IaaS, PaaS and cloud technologies. Specific experience with IaaS AWS, PaaS, Microservices, and container frameworks such as Kubernetes.
  • Strong knowledge of DevOps, CI/CD and modern web and application development concepts, technologies, and lifecycle management.
  • Excellent communication skills, both written and spoken.
  • Experience collecting metrics, measuring systems and interpreting data to make decisions.
  • Bachelor’s degree in Computer Science, a related technical field, certifications, or equivalent practical experience.

Commitment to Diversity and Equal Employment Opportunity

Vroom is an equal opportunity employer that is committed to creating a work environment where all employees can find their drive. To do that, we champion a workplace where each and every person is treated with dignity and respect and is valued for their unique perspective and contributions. Our values of SPEED: Service, Progress, Employees, Engagement, and Development are only possible in an environment where every individual has the ability to bring their whole selves to work and contribute fully.

Vroom’s policy is to maintain a working environment that encourages mutual respect, promotes harmonious and congenial relationships between employees, and is free from all forms of discrimination and harassment of any employee (or applicant for employment or service provider) by anyone, including supervisors, co-workers, vendors, or clients. Harassment and discrimination in any manner or form is expressly prohibited. There is no tolerance for discrimination or unequal treatment of any kind on the basis of race, color, religion, creed, gender, sex, sexual orientation, gender identity or expression, pregnancy, sexual and reproductive health decisions, national origin, age, disability, genetic information, marital status or civil partnership/union status, familial status, military or veteran status, predisposition or carrier status, domestic violence victim status, alienage or citizenship status, unemployment status, sexual violence or stalking victim status, caregiver status, or any other characteristic protected by law.

This practice applies to all terms, conditions and privileges of employment including, but not limited to, recruitment, selection, promotion, demotion, transfer, layoff, rehire, termination of employment, development and training, compensation, benefits and retirement.
