Job
Description
As a Security Engineer at MPL, your primary responsibility will be to ensure the security and compliance of our cloud-native applications and infrastructure, with a strong focus on Kubernetes security, container security, DevSecOps, and automation. You will play a pivotal role in designing, implementing, and maintaining security measures to protect our assets and data from evolving threats. Key Responsibilities: Kubernetes Security: Assess and enhance the security of our Kubernetes clusters. Implement best practices for securing Kubernetes deployments. Monitor Kubernetes resources for security vulnerabilities and misconfigurations. Container Security: Evaluate and implement container security solutions to protect containerized applications. Conduct regular vulnerability assessments and penetration testing of container images. Ensure container image scanning and runtime security. DevSecOps Integration: Collaborate closely with DevOps and development teams to integrate security into the CI/CD pipeline. Automate security testing and compliance checks within the development and deployment workflows. Promote a culture of security awareness and ownership among development teams. Automation: Develop and maintain automated security tooling and scripts to streamline security operations. Create and maintain security policies as code (Infrastructure as Code) for cloud resources. Continuously improve security incident response and automation processes. Security Compliance: Ensure compliance with relevant security standards and regulations (e.g., CIS benchmarks, GDPR, HIPAA). Perform regular audits and assessments to identify and address compliance gaps. Incident Response: Collaborate with incident response teams to investigate and respond to security incidents. Contribute to post-incident analysis and remediation efforts. Documentation and Training: Document security procedures, guidelines, and best practices. Provide security training and guidance to other teams as needed. Qualifications: Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience). Proven experience as a Security Engineer with a focus on Kubernetes, container, DevSecOps, and automation. Strong knowledge of containerization technologies (Docker, Kubernetes). Familiarity with cloud security principles (AWS, Azure, GCP). Proficiency in scripting and automation using languages such as Python, Bash, or Go. Experience with security scanning tools (e.g., Clair, Trivy, SonarQube, Twistlock). Knowledge of DevOps practices and tools (e.g., Jenkins, GitLab CI/CD). Excellent problem-solving and communication skills. Relevant certifications (e.g., Certified Kubernetes Security Specialist, Certified DevSecOps Engineer) are a plus.
