Heartland Ventures
Heartland Ventures

DevSecOps Engineer



Software Engineering
Shanghai, China
Posted on Saturday, October 8, 2022
Workstream is a mission-driven company that believes in building premium, modern software solutions for local businesses. There are 2.7 billion hourly workers, who make up 80% of the global workforce, but they've been heavily underserved by technology and deserve better. We help local businesses around you hire, manage, and retain qualified workers.
Our customers include leading brands from multiple sectors, including Burger King, Carl's Jr./Hardee's, IHOP, KFC, and Culvers. At series B, we are quickly expanding our product portfolio. We are backed by legendary VCs and industry experts like Founders Fund, BOND, and Coatue.

We are seeking a talented DevSecOps Engineer to join our growing team. As a DevSecOps Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect Workstream's infrastructure, applications, and data. You will work closely with development teams to ensure secure software development practices are implemented throughout the development lifecycle.

Day in the Life:

  • Implement and execute security policies across AWS cloud environments including VPC, SSO and Organizational Policies
  • Evaluate security controls, design standards, drive changes across the organization
  • Investigate and Remediate security issues across multiple AWS organizations at scale
  • Review and participate in Design Reviews for Infrastructure security changes and standards
  • Identify and drive opportunities to improve automation for code deployment, cloud configuration management, and visibility of security services
  • Drive AWS security features and product relationships globally

Who You Are:

  • BS or MS in Computer Science, Engineering, or a related technical discipline, or equivalent experience
  • 3+ years of experience in DevSecOps with strong understanding of software development processes and methodologies
  • Experience with security-focused tools and vulnerability assessment
  • Experience with incident response, on-call responsibilities, and/or digital forensics
  • Familiarity with security automation and tooling such as DAST and SAST
  • Experience in data security, including access control, governance, PII control/detection, etc.
  • Excellent written and verbal communication skills
  • Experience with languages like Ruby, Python, Java, JavaScript, Puppet, etc

Preferred Qualifications:

  • Background in public cloud deployment or operations, especially with AWS
  • Experience with Intrusion Detection Systems (IDS): their design, implementation, benchmarking, and related strategies
  • Deep knowledge of IAM tools, techniques, and related best practices
  • Knowledge of security best practices and compliance standards such as SOC2
  • Cloud security certifications like AWS Certified Security Specialty or other industry recognized certifications like CEH are preferred

What We Offer:

  • A mission-driven and value-based company dedicated to empower deskless workers and local businesses
  • An early employee opportunity at a Series B hyper-growth startup; work with the founding team and industry veterans to accelerate your career
  • Competitive salary and equity
  • Comprehensive health coverage: medical, dental, and vision
  • WeWork Office - Amenities and Perks
  • Learning/development stipend
  • Unlimited PTO
  • Hybrid Office/WFH schedule

Additional Information

Workstream provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

We are committed to the full inclusion of all qualified individuals.