Senior DevSecOps Engineer

Here at Malwarebytes, we believe that when you’re free from threats, you’re free to thrive. It all started in 2008 with one person who needed help with a malware infection, and a community coming together to find solutions. In that moment in time a product was born for all people, with a mission to rid the world of malware. Our product has since grown and evolved, from removing malware, to protecting devices, to ever-changing prevention. About Malwarebytes Inc. Malwarebytes began after our founder, Marcin Kleczynski, accidentally infected his parents’ computer while downloading a video game as a teenager. At the time, there was no product that could fully solve the problem, so he set out to build one. That early experience shaped our mission: to create protection that works when people need it most. Since then, the digital threat landscape has only grown more complex. Attackers are faster, stealthier, and more sophisticated, while traditional solutions often overwhelm people with complicated tools and settings. At Malwarebytes, we believe protection should be both powerful and refreshingly simple because if security feels too hard to use, people will not use it. That is why our aspiration is always to stay one step ahead: cutting through the noise, stopping threats others miss, and delivering peace of mind in an unpredictable digital world. Malwarebytes is looking for.. A motivated and experienced Senior DevSecOps Engineer is needed to strengthen product security within our security-first company. As a hands-on engineer on our DevOps team, you will use modern tools and technologies to identify, address, and automate the prevention of security issues. The ideal candidate brings prior experience as an Application Security Engineer (ideally with desktop and mobile platforms), strong multi-cloud infrastructure management skills (primarily AWS), and a drive to learn new products while working independently. What You Will Do

• Automate security processes and tooling within the CI/CD pipeline, including integrating SAST/DAST/SCA tools to prevent classes of security issues.
• Perform and manage collaboration with external firms on security-focused code reviews and penetration tests.
• Support and consult with product and development teams on application security, including conducting threat modeling and design reviews.
• Work through the backlog of security findings from AWS Security, Identity, & Compliance services. Assist teams in triaging, reproducing, and executing infrastructure fixes.
• Administer and support our ongoing bug bounty program and security tools to ensure timely remediation of vulnerabilities. This includes assisting teams in triage, reporting, and vendor management.
• Manage the overall cloud security posture, ensuring the well-architected framework is applied across our AWS, Azure, and GCP environments.
• Lead efforts to promote security best practices and foster a secure development culture across the organization.

Skills You'll Need To Have

• Hands-on experience in AWS and managing infrastructure in Terraform. An ideal candidate would hold the AWS Certified Security Specialty certification.
• Proficiency with security tools such as HackerOne (bug bounty program), DataTheorem, Cobalt (SAST/DAST/SCA), and AWS Inspector, or similar tools.
• Ability to use GitHub and to manage relevant GitHub Actions and GitHub Advanced Security features.
• Development skills and experience in security analysis of cloud, desktop, and mobile applications.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Able to adapt quickly in a growing organization and solve problems collaboratively across development teams. Willing to learn new security technologies as business needs evolve.
• Able to work independently in high-risk environments with minimal supervision.

Skills That Are Nice To Have

• Certifications in any of the following: CISSP, CEH, GIAC Reverse Engineering.
• Advanced internal knowledge of Windows and/or macOS.
• Strong familiarity with securing cloud-based technologies like Azure and GCP.
• Thorough knowledge of digital forensics methodology.
• Strong background in security architecture, system administration, and networking.

Perks & Benefits

• An opportunity to do something great for yourself and the world!
• Employee Referral Bonus Program 
• Wellness programs  

(Benefits and Perks subject to change by country/region)