Nord Security is a leading cybersecurity solutions provider with the product family of five advanced cybersecurity solutions: NordVPN, NordLayer, NordPass, NordLocker, and NordWL. We have one true goal - to give true online privacy and security to as many people as we can. The risk department controls everything risk-related, including secure information and applications. We collaborate to develop scripts and security automation tools to enhance application security testing processes, perform application security scans using SAST/DAST tools, ensure that mobile/desktop applications are sufficiently tested, and assist with internal and external audits.
What You Will Do
- Build, test, and maintain infrastructure and tools, which allow for secure, agile software development and automated releases;
- Document DevOps processes, including developing standards to guide operations, support, and maintenance;
- Ensure software design security and define secure implementation practices;
- Develop scripts and security automation tools to enhance application security testing processes;
- Work together with the Application Security team and other IT personnel for cyber security problems resolution;
- Perform application security scanning using SAST/DAST/SCA tools;
- Identify manual processes that can be automated in an efficient manner;
- Mentor other engineers, define our technical security culture, and help build an Application Security team presence across our product range.
What We Expect
- Strong knowledge in Docker, Kubernetes, CI/CD Pipeline (GitLab, Azure DevOps), Infrastructure design, and IaC (Terraform);
- Demonstrated experience with secure development, coding, and engineering practices;
- Experience with SAST tools maintenance and setup would be a benefit;
- AWS and Azure knowledge;
- Proficiency in automation and monitoring tools (ability to automate repeatable tasks via scripting) for Linux and Windows environments;
- Ability to define and deploy monitoring, metrics, and logging systems;
- Experience working with Agile Development Practices;
- Experience with Security as Code (SaC) tools;
- Understanding of DevSecOps Maturity Model;
- Ability to build and maintain relationships and influence key stakeholders across the business;
- Sense of ownership with strong problem-solving and investigation skills.