Ci Cd Jobs at Figment

As a member of the Figment Security Management Team, you will be responsible for planning, design, testing, implementation, and maintenance of security systems that monitor and protect the organization from vulnerabilities and threats. Successful applicants must be capable of evaluating systems, applications, and processes to identify common vulnerabilities and weaknesses and work with other departments to provide mitigation strategies.

You will utilize knowledge of security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting, and programming to actively monitor, scan and detect vulnerabilities, risks, exposures and intrusions and effectively translate highly technical information to internal customers in a way that supports CIS and broader Figment goals. You will support fellow security and platform engineers, and application developers with remediation recommendations and validation of corrective actions.

What you'll be doing...

• Deploy and maintain security tooling at Figment. (AV/EDR. IDS/IPS, DLP, Logging & Monitoring)
• Document processes, procedures, and workflows for Blue Team operations.
• Partner with engineers to remediate vulnerabilities found in applications and infrastructure.
• Partner with engineers to identify security gaps and integrate security into the software development lifecycle.
• Solid experience in secure coding, cryptography, vulnerability assessment, static and dynamic application security testing.
• Familiarity with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.
• Strong in one or more multi-platform Object-Oriented programming skills e.g., C, C++, Java.
• Perform scheduled technical security exercises, security assessments, and code audits.
• Familiarity with managing infrastructure configuration through infrastructure-as-code principles
• Prepare strategies to protect high risk blockchain keys that have 100% online requirements.
• Communicate the importance of security to the wider organization in a clear and simple way.
• Develop scripts, tools, or methodologies to enhance Figment’s blue teaming processes.

Where you'll be working...

This role will be remote based

What we’re looking for...

You’ll need to have:

• Bachelor's degree or four or more years of work experience
• Strong technical background and understanding in the areas of Enterprise Infrastructure, Information Security and Automation tools e.g., Terraform, Ansible, Chef, Puppet
• Working knowledge of Cloud Provider security architecture design patterns (AWS, CloudFoundry, Azure etc.)
• Experience in building and maintaining security systems
• Experience with OWASP, static/dynamic analysis, and common security tools.
• Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
• Experience with Red, Blue, or Purple teaming exercises.
• Strong knowledge of tools used for Blue Team operations including SIEM, endpoint protection, network detection, vulnerability scanning, cloud security, forensics and incident response.
• Strong technical writing and communication skills

Even better if you have…

• A degree in a technical field.
• Software Engineering experience
• Solid understanding of public cloud environments including AWS, Azure and GCP.
• Solid understanding of TCP/IP with the ability to perform protocol-level network analysis.
• Solid understanding of various operating systems such as Windows/Linux/MacOS.
• Experience with SOAR, SIEM, threat intelligence platforms, vulnerability assessment tools, Cloud platforms, EDR, Cyber threats and attack vectors, exploitation methods, IOC and TTP's.
• CI/CD development pipeline experience for application security technologies.
• Familiarity with Terraform, Ansible, AWS, Azure, GCP. Kubernetes and Git.
• Familiarity with common virtualization technologies like Docker, Kubernetes, and VMs.
• Industry certifications such as CISSP, PNPT, CRTP, OSCP, AWS Security Specialty, Comptia Security+ or CySA+.
• Knowledge and understanding of security risks involving Web3, blockchain protocols, and smart contracts.