Senior DevSecOps Engineer
Posted 3 days 1 hour ago by Parity Technologies Limited
Full time - Remote
About Us
Parity is one of the world's most experienced core blockchain infrastructure companies, having built and pioneered some of the most advanced technologies in the blockchain sector. Parity was founded by Dr. Gavin Wood, co-founder and former CTO of Ethereum, the primary engineer behind the Ethereum Virtual Machine (EVM), inventor of the Solidity programming language, and primary author of the Ethereum Yellowpaper.
Based in Berlin, London, and Lisbon, Parity has built clients for Ethereum, Bitcoin, and Zcash and has pioneered a completely new, next-generation blockchain protocol with Polkadot and the framework it's built with, Substrate. Parity builds the open-source technologies needed to power an unstoppable, decentralised web-known as Web3-and helps developers and organisations implement and build upon the Web3 tech stack.
People in Our Collective Are- Highly motivated to contribute to Parity's mission and be part of something bigger
- Excited to work on projects that are groundbreaking and complex
- Autonomous workers that self-initiate, but also collaborate well with others
- Taking maximum accountability and having minimum ego at work
- Comfortable with chaos and adapting to the ever-changing Web3 space
- Continuously educating themselves about Parity and the wider ecosystem
The DevSecOps team is pivotal in helping Parity's teams to secure our networks, operating systems, containers, pipelines and code. We are part of the Security team with a mission of reducing the impact of threats to Parity and its products, bolstering their resilience against potential cyber threats.
About the position:This is a crucial role where your understanding of people, systems and security will allow you to advocate for and influence best practices in a diverse free-thinking organisation while facilitating smooth development and implementation processes. It is a unique opportunity to help secure an innovative organisation where feedback is direct and honest and understands that a checkbox approach doesn't get results.
It involves:
- Advising Infra Engineering and IT teams on security topics and supporting their work from the security standpoint - maintaining things practical using a risk-based approach with a focus on the following areas:
- Automation of security controls, security hardening of the developer and IaC processes (building, testing, release), supply chain security (part of the build process), related metrics and monitoring/audits
- Network, VM & container image and system hardening, Cloud issues and misconfigurations
- Endpoint Security, Infrastructure Identity and Access Management, SIEM, Threat intelligence, common misconfigs (DNS, email, networking, etc.)
- Organising and performing penetration testing of our infrastructure, and collaborating with external parties on those tests.
- Picking tools, methods and approaches to maintain and improve the security stance of the company (we have a strong preference towards FOSS tooling when possible).
- Writing and enabling adoption of company-wide security standards and guidelines, as well as implementing tools and automation to enable their deployment.
- Mentoring other team members on all matters related to security and IT and infrastructure engineering.
You should be able to demonstrate:
- A focus on outcomes (rather than activities) and outcome-based delivery
- An ability to provide leadership within a team of skilled DevSecOps professionals, ideally with experience of leading and growing a team.
- Ability to partner with multiple teams in order to tackle issues including clarifying requirements, communicating and convincing them
- Comfortable with a Linux-based tech stack (managed VMs, SSH, VPNs, firewalls)
- Experience with Kubernetes (incl. managed), Terraform, Ansible, Github, Gitlab, ArgoCD, Image registries
- Experience with various cloud platforms including Google Cloud, non-managed providers
- We'd love it if you had an understanding of blockchain tech and associated tooling (wallets, keys, RPC nodes and indexers etc.)
- Ideally, you'll live within 2 hours of UTC+0, but exceptional candidates outside of this timezone will also be considered.
- Competitive remuneration packages based on iterative market research, including tokens (where legally possible)
- "Future of work" environment that's remote-first and self-initiating with flexible hours
- Team mates that are genuinely excited about their impact and projects
- Access to the brightest minds in this space to learn about Web3 and develop your skills and knowledge while on the job
- Becoming part of the wider ecosystem (career and networking opportunities)
- Team and company-wide retreats
- Work laptop