Dev Sec Ops Engineer

At Deckers Brands, Together, Every Step is a promise kept that every employee can bring their authentic self, is valued and supported, as a whole person, at work and beyond. Together, Every Step is how we continue to deliver exceptional business results, experience an amazing place to work, and have a positive impact on the communities and world around us. 

Job Title: DevSecOps Engineer

Reports to: Senior Manager Security Engineering

Location: Remote

Interested applicants must reside in one of the following approved states: Arizona, California, Colorado, Indiana, Massachusetts, Minnesota, New York, Oregon, Pennsylvania, Texas, Utah, Washington

The Role

Security as Code. Deckers Brands is looking for a talented engineer to join our Information Security Team. This role is for a unique personality that thrives on deploying and maintaining cyber security technologies, as they relate to code development. This individual will also assist in threat hunting, incident response, and your more “typical” security functions. Information Security Team members work closely with application development, operations groups, and business stakeholders across Deckers Brands to ensure that solutions are implemented and maintained in a manner that preserves the confidentiality, integrity and availability of our data. 

Security by design. This individual will be a critical resource for enabling the juncture of security and development to find mutual success. You will be the guiding voice that keeps our code aligned with security best practices and compliant with various global government and industry regulations.

We celebrate diversity--of your background, your experiences and your unique identity. We are committed to ensuring an inclusive and equitable workplace where all of our employees can Come as They Are. We believe that when we bring our different perspectives to work, we are truly Better Together.

Your Impact

The primary functions of this role, include but are not limited to:

• Perform penetration tests on internal and external code to ensure Deckers’ desired security posture is maintained
• Assist with the development, deployment, and maintenance of static and dynamic code analysis tools
• Perform security impact assessment on code releases to ensure the appropriate security controls are in place for the level of risk the code represents
• Work with global teams to audit and monitor software development lifecycle standards to confirm they are properly defined and maintained
• Work with development teams to tune Web Application Firewalls and DDOS solutions
• Provide “follow the sun” support for escalated Information Security-related requests and incidents, as well as participate in on-call support rotations, as needed
• Work with security operations analysts to perform deeper analysis of detected events
• Review 3rd party connections and communications to confirm they follow Deckers Brands security and compliance requirements
• Drive development of an Application Security Testing Orchestration (ASTO) environment
• Occasional travel to remote or regional offices may be required

Who You Are

You are a proactive and detail-oriented professional with a passion for cybersecurity and software development. You thrive in collaborative environments and possess excellent problem-solving abilities. Your strong communication skills enable you to effectively convey complex security concepts to both technical and non-technical stakeholders. You are adaptable, able to handle multiple priorities, and committed to continuous learning and improvement.

Collaborative: You work well with cross-functional teams and are capable of fostering positive working relationships with colleagues and stakeholders.

Problem-Solver: You have a knack for identifying potential security issues and developing innovative solutions to mitigate risks.

Strong Communicator: You can articulate complex technical concepts clearly and concisely to diverse audiences, ensuring everyone is on the same page regarding security measures and practices.
 

We’d love to hear from people with

• BA/BS degree, or equivalent experience
• Security professional certification, such as Global Information Assurance Certifications, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), AWS Certified Security – Specialty, Palo Alto Networks Certified Network Security Administrator (PCNSA), or other similar credentials, is desired
• 3 years’ experience in an either a development or DevOps role, or some combination of the two
• Experience working with eCommerce SaaS solutions with a preference for a background that includes Salesforce Commerce Cloud
• Knowledge and work experience in security cloud architecture with a focus on securing AWS environments. Particular value will be given to a candidate that has experience with AWS CloudTrail, CloudWatch, Landing Zone, IAM, and GuardDuty
• Understanding of Cloud Formation Templates and AWS CLI scripting to maintain infrastructure as code
• Understanding of Web Application Security for both web sites and web services, along with common vulnerabilities and attacks
• Deep and broad understanding related to database security and familiarity with database security scanning tools and techniques
• Experience with security practices such as security incident response and risk management
• Experience in the design, development, implementation and operational support of mission critical solutions in large scale environments and organizations
• Experience with the Atlassian suite of products: Confluence, Jira, and Bitbucket
• Familiarity with any of the following languages: Python, Ruby, Java, C++, etc. Experience writing shellcode is a bonus
• Ability to read exploit code to determine how it works, why it works and any modifications that may be necessary before using it in a test
• Fluent written and spoken business English
• A “breaker” mindset. You ask, “How are things NOT supposed to work?”
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members
• Great attitude and strong work ethic
• High level of creativity, quick problem-solving capabilities and strong analytical skills
• Excellent written and verbal communication skills
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
• Must be a critical thinker with strong problem-solving skills
• Ability to work on multiple projects and meet deadlines by setting priorities with work projects
• Ability to establish and maintain effective working relationships with coworkers and clients
• High degree of initiative, dependability and ability to work with little supervision.

What We'll Give You

• Competitive Pay and Bonuses - We’ve created a variety of competitive compensation programs to foster career development, reward success and to show our employees just how much they’re valued.
• Financial Planning and wellbeing - No matter what financial goals our employees have set, we want to help them get there. Our plans provide powerful ways to protect income, pay for expenses and invest in the future.
• Time away from work - Sometimes we need time away to be with family, focus on our health or just simply recharge. Our plans support our employees’ needs to get out, get healthy and come back stronger than ever.
• Extras, discounts and perks - Being a valued member of the Deckers Brands team means more than just a paycheck. From generous discounts to community-based programs, we offer a variety of cool extras
• Growth and Development - Deckers Brands was built on the idea of pursuing passion. That’s why we offer extensive opportunities and support for personal and professional development.
• Health and Wellness - There’s nothing basic about our comprehensive health and wellness programs and offerings. While at work and at play, we aim to support a healthy lifestyle.
   

$130,000 - $140,000

The salary range posted reflects the minimum and maximum target for new hire salaries for this role in our Goleta, CA location. Individual pay will be determined by location and additional factors, including job related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary for your preferred location during the hiring process.

Equal Employment Opportunity
Diversity and inclusion are key to our success. We are proud to be an equal opportunity employer and our employees are people with different strengths, experiences and backgrounds who share a passion for our brands. We welcome qualified applicants regardless of their race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, military or veteran status, mental or physical disability, medical condition and all of the other beautiful parts of your identity.

#LI-KM1