Senior DevSecOps Engineer

Aon's Cyber Solutions is hiring a Senior DevSecOps Engineer

We are looking for a Sr. DevSecOps Engineer to play a fundamental role in building advanced technical solutions in the cloud for cybersecurity practitioners.

Your impact

Aon Cyber Solutions helps companies address their cybersecurity risk. We help them understand where they’re vulnerable; advise them on how to correct it; and respond when they’re attacked. We’re a team of technologists who love to build things and solve problems!

You will help build and secure a data processing environment in the cloud, for a suite of inhouse and open source applications. You’ll write code to automate build processes, deployment, monitoring, log analysis, and vulnerability assessment. You’ll help integrate static analysis, regression and load testing, and threat hunting into our practices. You’ll share your deep understanding of security principles with team members, simplify systems whenever possible, document configurations and architectural choices, and keep up-to-date on the threat landscape.

You’ll work in a team, with expert developers and DFIR practitioners, and deliver sophisticated DFIR and cybersecurity solutions which our practitioners will use to help our clients. You’ll keep those solutions secure, and your own needs and insights will help us improve our services. Your code will scale to deliver valuable security capabilities to our clients around the world, and handle terabytes of sensitive data with stringent guarantees.

About you

We’re looking for someone who builds things the right way, constantly identifies new problems to solve, and knows how to work as a member of a high-performing team.

• You’re a skilled DevOps expert with hands-on knowledge of infrastructure-as-code.
• You have strong programming skills – Python, Ruby, Perl, or a similar systems-level language.
• You’ve used several AWS technologies in production and you’re enthusiastic about serverless.
• You’re experienced with automated provisioning/configuration management via CDK, Puppet, Chef, Terraform, or an equivalent.
• You are motivated to learn new skills and technologies and sharing new skills with others.
• You recognize common vulnerabilities instantly, and love finding weaknesses in systems.
• You care deeply about Confidentiality, Integrity, and Availability. You prefer security by correctness to security by isolation, and isolation to security by obscurity.
• You believe in automated testing, data-based decision making, and simplicity.
• You have a passion for building things that solve real-world problems. You possess a proven track record to see things as they should be, to communicate that vision to others, and to build it. You can work collaboratively with a variety of colleagues and clients in a remote environment.

Requirements

• 3+ years of cloud-based software engineering and operations experience.
• Past experience in a security-oriented role.
• Strong knowledge of AWS IAM, VPC, S3, ALB/NLB, API Gateway, CloudWatch, and CloudTrail.
• Experience deploying and maintaining secure web applications in Linux/Unix environments.
• Hands-on experience with AWS infrastructure-as-code via CDK, Terraform, Puppet, or the equivalent (we currently use CDK in Python).
• Intimate experience with DevOps tools, CI/CD pipelines, and common security applications.
• Comfort with agile development.
• Excellence in verbal and written communication, and in working collaboratively remote development environment.
• Proficiency with version control.

Desired Skills

• Proficiency with Python 3 and Django deployment in production.
• Demonstrated experience with ECS Tasks, Fargate, API Gateway, Lambda, SQS, and Athena.
• Comfort with ELK stack design and usage.
• Experience with threat intelligence, threat hunting, vulnerability scanning, and anomaly detection.
• In-depth knowledge of encryption and authentication technologies, like mTLS, SSH, SAML, OpenID, and JWT.
• Mastery of CI automation systems.
• RDBS (especially PostgreSQL) and NoSQL data store expertise.
• Performance monitoring and optimization.

Education Required

• BS or BA in Computer Science, Mathematics, or Statistics, or equivalent experience.

We offer you

A competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.