DevSecOps Engineer (App sec)

KX is a prominent technology enterprise committed to propelling data and AI-driven business innovation. The Data Timehouse™ platform, selected by leading investment banks and enterprises across various sectors, empowers real-time, intelligent businesses. Rooted in the high-performance kdb+ time series and vector database, our technology stands renowned for its speed and reliability. We're devoted to fostering a robust partner ecosystem to drive exponential growth. 

At KX, we believe that innovation starts with diversity and inclusion and aim to create a culture where different backgrounds, perspectives, and abilities are embraced to unlock creativity and foster collaboration.  If you enjoy a challenge and the excitement of exposure to an exciting array of technologies, this may be the opportunity for you. 

The DevSecOps Team is responsible for defining standards and contributing to increasing software release velocity by facilitating developer-led security.  

As an AppSec Engineer within the DevSecOps team at KX Systems, you will be responsible for securing the company's applications and software from potential cyber attacks. You will be required to identify vulnerabilities in applications and systems, and implement security measures to protect them from unauthorized access, data theft, and other security breaches. Your role will involve working closely with development and operations teams to ensure that security is integrated into every stage of the software development life cycle.  

Key Responsibilities: 

Liaising with development, InfoSec and operational teams to enable increased release velocity of secure, reliable products & services as part of a comprehensive ‘Shift-Left’ initiative. 

Enabling data driven decisions by gathering useful metrics from DevOps/DevSecOps tools and generating reports. 

Providing development teams with usable security test automation tools and frameworks for the following applications/approaches. 

Performing active application security testing to identify actual impact of security findings. 

Create proactive alerting for valid security issues. 

Promote transparency of security findings/threat intelligence across the R&D group. 

Desirable: 

Experience with Python, Rust, GoLang, Java, or C. 

Experience with creating CI/CD pipelines (E.g., GitLab CI, ArgoCD, Jenkins, etc.). 

Experience with one or more Cloud Service Providers (AWS, GCP, Azure). 

Experience with Docker or Kubernetes. 

Experience in Linux systems administration (RHEL, Ubuntu, etc.). 

Experience with security tools/methodologies (SAST/SCA/CVA/DAST/TVM).