DevSecOps Engineer

Altenar is an international IT company founded in 2011, with offices in Malta, Greece, Georgia, the Isle of Man, and Uruguay. We specialize in high-load software development and provide one of the best technology solutions for the iGaming industry worldwide.

The DevSecOps Engineer shall work closely with the various Altenar teams to ensure that both security and compliance are maintained at all times. This shall be done through operational analysis and liaison with the operators of the software development lifecycle (Developers, DevOp Practitioners, service management role owners, for example) as well as liaison with all other actors in Altenar’s business. This role involves auditing, identifying vulnerabilities, responding to security incidents, and ensuring compliance with industry standards and regulations. The ideal candidate will have a strong background in cybersecurity, excellent problem-solving skills, and a proactive approach to preventing security breaches.

Key Responsibilities:

• Assisting in the design and implementation of the company information security framework. 
• Ensuring that all software development and deployment processes comply with relevant security policies, standards, and regulations, thereby protecting the organisation from legal and regulatory issues.
• Conducting risk assessments and vulnerability analysis to identify potential threats within the software and infrastructure.
• Monitoring and analysis of security alerts to identify irregular activity and security violations using the SIEM system.
• Investigating security incidents and providing detailed reports and recommendations for corrective actions.
• Performing and/or coordinating network and application penetration testing and vulnerability assessment.
• Assisting in the development and maintenance of the relevant technical standards and procedures.
• Creating, documenting, and sharing best practices and solutions for our CI/CD pipelines and ensuring security throughout the entire SDLC. 
• Collaborate with DevOps, Toolchain and development teams to embed best practices into our toolchain.
• Implementation of automated processes to generate and manage SBOMs for all software repositories.
• Manage the integration and configuration of Static Application Security Testing (SAST) tools like SonarQube to ensure code is automatically scanned for security vulnerabilities as part of the pipeline.
• Promoting best practices in cybersecurity amongst employees.
• Staying current with emerging security trends, technologies, and threats.
• Participating in incident response activities, including containment, eradication, and recovery efforts.
• Working closely with IT, legal, and compliance teams to ensure security measures are aligned with organisational goals.
• Assisting system administrators and DevOps with the implementation and configuration of security policies.
• Participating in audits such as ISO27001 and gaming regulatory audits, where applicable.
• Communicating security issues with relevant stakeholders and propose mitigation actions.

Qualifications, experience and skills required:

• Degree in Computer Science, Information Technology, or a related field.
• Relevant certifications, such as, Kubernetes Administrator, Kubernetes Security Specialist, Google Cloud Security Engineer, Vault Associate, Vault Operations Professional, CEH, OSCP, or equivalent are preferred.
• Minimum of 3-5 years of experience in information security or a related field.
• Proven track record in managing and securing IT infrastructure and data.
• Experience in information technology system design, implementation and maintenance.
• Working with vulnerability assessment tools.
• Experience with Devops toolchain elements such as Ansible, Terraform, Nuget artefact management, Azure Devops build pipelines and Bitbucket.
• Familiarity with CI/CD tools, container orchestration (Kubernetes/Google GKE).
• Experience with security tools such as SIEM, Kali Linux and / or other security scanning OS distributions, SAST and SCA.
• Functional technical knowledge and expertise in domains of information systems networking, identity management, authentication/authorization systems and protocols, development / build / deployment workflows and application communication protocols with a focus on vulnerability areas and their mitigation.
  
  

Desirable Technical Skills:

• Experience with tools such as OpenSearch and Wazuh is preferred. 
• Strong understanding of network protocols, firewalls, VPN, and encryption technologies.
• Knowledge of Google Cloud security models.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Ability to work independently and as part of a team.
• High attention to detail and organisational skills.
  
  

If you possess any of the qualifications mentioned above, we encourage you to apply and explore the exciting opportunities we have available. The specifics of your role will be tailored based on your experience, qualifications, and expertise. We look forward to discussing how you can contribute to our team's success and grow your career with us.

Benefits:

• Stable and flexible working environment.
• Career Growth Opportunity.
• Training and professional development events.
• Health insurance.
• Competitive Remuneration and Benefits.
• Teamwork and Accountability.
• Sense of Community and Defined Company Culture.
• International Work Environment.
• Diverse Workplace.
• Relocation support.
• Modern comfortable office in the centre of St Julians.
• Corporate parking near our office.
• Gym reimbursement after successfully passing probationary period.