DevSecOps Engineer - Casa

Remote $125k–$155k 2 days ago full-time quality 9/10

Role in brief

Casa, a Bitcoin self-custody provider, is looking for a DevSecOps Engineer. This role involves enhancing security across internal systems, infrastructure, and the software development lifecycle. Candidates with a strong security background, experience in Linux and AWS environments, and a hacker mindset for problem-solving should apply.

LinuxAWSTerraformAnsiblepenetration testingthreat modelingcode analysissystem hardeningvulnerability scanning

About the role

As a DevSecOps Engineer at Casa, you will manage internal security requests, ensuring employees have necessary tools and access while adhering to least privilege principles. This includes onboarding and offboarding, overseeing the MDM system, and reviewing new technologies through a security lens. Your work directly contributes to maintaining a secure operational environment.

A key part of this role involves shaping and refining security best practices across the organization. You will triage and resolve vulnerabilities identified through various methods like penetration testing and static analysis. Automating security processes and alerts is crucial, as is participating in an on-call rotation for critical production security issues. You will also keep security documentation current and relevant.

Success in this position means continuously securing Casa's software development lifecycle and infrastructure. You will write infrastructure-as-code using tools like Terraform and Ansible to automate deployments and management. Staying informed about emerging threats and security trends, as well as investigating and resolving infrastructure incidents, are also core responsibilities to keep systems running smoothly and securely.

The salary range for this full-time DevSecOps Engineer position is between $125,000 and $155,000.

Skills that matter here

  • Linux: This role requires implementing security solutions within Linux-based infrastructures.
  • AWS: Experience is needed for securing environments hosted on Amazon Web Services.
  • Terraform: You will use Terraform for writing infrastructure-as-code to automate deployment and management.
  • Ansible: This role involves using Ansible or similar tools for infrastructure automation.
  • penetration testing: You will triage and address vulnerabilities surfaced by penetration tests.
  • vulnerability scanning: This role involves addressing issues identified through vulnerability scanning.

Who this role suits

  • You possess security certifications or equivalent real-world experience in the field.
  • You approach problems with a hacker mindset, thinking like an attacker.
  • You have over 5 years of experience implementing security in Linux-based infrastructures and AWS.
  • You are comfortable with open-source tooling, cloud environments, and multiple operating systems.

From the employer

WHAT YOU'LL DO:

  • Handle internal security requests and make sure employees have the tools and access they need without over-provisioning
  • Ensure that employees have access to the tools and systems they need while maintaining least privilege access principles
  • Onboard and offboard employees across internal systems
  • Oversee our MDM system and stay on top of alerts
  • Review and assess new technologies (tools, code frameworks, third-party providers, internal apps) through a security lens
  • Help shape and refine security best practices across the org
  • Triage and work through vulnerabilities surfaced by pen testing, static analysis, responsible disclosures, and automated alerts
  • Keep security documentation and training materials fresh and useful
  • Automate security processes and alerts wherever you can find the leverage
  • Participate in a shared on-call rotation for critical production security issues
  • Stay abreast of the latest security events and trends
  • Participate in regular security training and certification acquisition
  • Ensure our software development lifecycle remains secure as we continue to evolve its processes.
  • Write infrastructure-as-code to automate deployment and management using Terraform, Ansible, or similar tools
  • Stay current on emerging threats, security trends, and what's happening across our stack and industry
  • Investigate and resolve infrastructure incidents to keep things running smoothly

WHO YOU ARE:

  • You have security certifications or equivalent real-world experience
  • You think like an attacker, and a hacker mindset is genuinely how you approach problems
  • Deep background across multiple facets of security
  • 5+ years implementing security in Linux-based infrastructures, AWS, and code
  • Comfortable with open-source tooling, cloud environments, and multiple operating systems
  • Experience building security solutions that actually scale
  • Hands-on with one or more of: penetration testing, threat modeling, code analysis, system hardening, distributed patching, vulnerability scanning
  • Familiar with hardening AI tooling to prevent security incidents
  • Strong communicator who can present findings to both technical and non-technical audiences
  • Bonus points for experience or genuine interest in cryptocurrency / cryptography

WHY CASA?

At Casa, our mission is to empower individuals to secure their digital sovereignty, and we empower our employees to do their best work.

  • Ownership. Private key management is the beginning of a future you can truly own, and at Casa, everyone has a role. We offer equity opportunities so our employees can benefit from what we are building together
  • Community. Inclusivity is important to us. We value each other and our contributions. Our team, known as the Casa Space Fleet, brings out the best in everyone while having plenty of fun along the way
  • Rest and Relaxation. We believe in the power of personal time, so we offer as much flexible time as you need. We encourage you to take at least 3 weeks off a year
  • Health Benefits. We provide medical coverage with FSA options, dental, vision, and access to mental health providers
  • Setup for Remote Success. Our team is both decentralized and effective. We reimburse up to $400 for anything you need to set up your home office
  • Investment Avenues. We partner with resources so you can invest a portion of your paycheck in Bitcoin, and we also have the more traditional 401(k) option
  • Maternity/Paternity Leave. We provide 12 weeks for maternity / 4 weeks for paternity

As Casa is a fully remote company hiring candidates around the world, our perks and benefit packages may adjust based on your location

Questions about this role

What is the remote work policy for this role?

This is a fully remote position, and Casa is hiring candidates from around the world.

What level of experience is required for this position?

Candidates should have at least 5 years of experience implementing security in Linux-based infrastructures, AWS, and code.

What is the application process?

The job posting does not specify the application process, but interested candidates can visit Casa's website for more information.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to Casa.