The Sr DevSecOps Engineer is responsible for the supervision, implementation, and maintenance of Varsity Tutors’ cyberspace. They will plan, implement, manage, monitor and upgrade security measures to protect the organization’s data, systems and networks. They will work with 3rd party providers to carry out assessments and penetration testing. They will work with other departments within the organization to establish security protocols and processes to protect IT systems and data.

Qualifications:

• A bachelor’s degree in computer science, computer engineering or related technical field experience
• 7+ years of technology experience
• 3+ years as a Security Engineer (DevSevOps), or related experience, in a technical and remote customer-focused position
• 5+ years experience with Infrastructure as Code (IaC)
• 5+ years working with cloud providers such as AWS and GCP
• Proficient with AWS or GCP security offerings
• Experience in designing and implementing an enterprise-wide Cloud security architecture
• Proficiency with Security Information Event Management (SIEM) and vulnerability management solutions
• Knowledgeable in Shift Left Security: increasing visibility and remediation of security defects earlier in the CI/CD pipeline
• Experience implementing Policy as Code (PaC)
• Familiar with Open Policy Agent (OPA)
• Experience with Agile practices and NIST frameworks
• Familiar with SOC2, SOX and FERPA compliance
• In-depth knowledge of computer hardware, software, and networks.
• Excellent knowledge of networking technologies, particularly with OSI network layers and TCP/IP
• Ability to lead, prioritize, facilitate, organize and manage several milestones and projects efficiently
• Ability to learn quickly and keep up with technical innovation and trends in the Security field
• Experience with identity federation standards like SAML and OAuth
• Experience in documenting processes and monitoring performance metrics (OKR, KPI)
• Scripting (Bash, Python)
• Extensive experience working with different operating systems
• Exceptional interpersonal and communication skills
• Time management skills and the ability to establish reasonable and attainable deadlines for resolution.

Responsibilities:

• Conduct cyber risk assessment activities including threat modeling, vulnerability analysis and analysis of mitigation solutions
• Develop, present, lead and improve security awareness training programs for all employees
• Develop, evaluate, and analyze design constraints, trade-offs and detailed system and security design as they pertain to the cyber domain
• Coordinate with other DevOps Engineers, System Architects, and Developers to provide oversight in the development of robust solutions
• Work cross-functionally to assess risk and help deliver countermeasures that protect customers and company data
• Conduct cybersecurity tests and evaluations of hardware and/or software designs to verify and validate compliance with defined specifications and requirements
• Employ cybersecurity processes, methods, techniques and tools and assure their consistent application
• Implement appropriate assessment and authorization activities, as required
• Bake security controls into Engineering and DevOps pipelines (e.g., build automation and configuration management)
• Design and implement network-based and host-based Security tools.
• Design, implement and integrate security solutions into a centralized security analytics platform.
• Identify critical signals and indicators in logs and metrics, and build alerting and dashboards to visualize trends and areas of concern
• Designing and implementing public cloud security tooling in AWS, GPC, Azure, and Google Workspace
• Provide recommendations for ongoing improvements
• Perform security risk assessments and evaluations
• Building, managing and maintaining technical asset inventories and software bills of materialset

Varsity Tutors Leadership Principles:

Relentless Focus on Customers * Comfort with Ambiguity * Ownership * Simplify * Intellectual Curiosity * Build Teams * Think Big * Insist on High Standards * Bias for Action * Build Trust * Go Deep * Have Conviction * Deliver Results * Are Right, a Lot

Benefits/Culture:

• 100% remote position within the United States

• Competitive base salary and company equity (restricted stock units)

• Healthcare Plans (Medical, Dental, Vision, Life)

• 401k Company Matching Plan

• Maternity, Paternal, and Adoption Leave

• Flexible PTO

• Free Learning Membership for you and your household (1-1 tutoring hours, unlimited use of on-demand services, and access to our online classes)

• Once-in-a-lifetime opportunity to help transform how the world learns!

• Fun, collaborative, and team-oriented work environment with plenty of training and a feedback-rich culture

Varsity Tutors is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. (INDHP)