Security Engineer

MPL is a cutting-edge technology company committed to revolutionizing the way security is implemented in the modern era of cloud-native and DevOps practices. We are seeking a talented and experienced Security Engineer to join our dynamic team. If you are passionate about Kubernetes security, container security, DevSecOps, and automation, and are ready to make an impact in a fast-paced environment, we want to hear from you.

Job Description:

As a Security Engineer at MPL, your primary responsibility will be to ensure the security and compliance of our cloud-native applications and infrastructure, with a strong focus on Kubernetes security, container security, DevSecOps, and automation. You will play a pivotal role in designing, implementing, and maintaining security measures to protect our assets and data from evolving threats.

Key Responsibilities:

1. Kubernetes Security:

• Assess and enhance the security of our Kubernetes clusters.

• Implement best practices for securing Kubernetes deployments.

• Monitor Kubernetes resources for security vulnerabilities and misconfigurations.

2. Container Security:

• Evaluate and implement container security solutions to protect containerized applications.

• Conduct regular vulnerability assessments and penetration testing of container images.

• Ensure container image scanning and runtime security.

3. DevSecOps Integration:

• Collaborate closely with DevOps and development teams to integrate security into the CI/CD pipeline.

• Automate security testing and compliance checks within the development and deployment workflows.

• Promote a culture of security awareness and ownership among development teams.

4. Automation:

• Develop and maintain automated security tooling and scripts to streamline security operations.

• Create and maintain security policies as code (Infrastructure as Code) for cloud resources.

• Continuously improve security incident response and automation processes.

5. Security Compliance:

• Ensure compliance with relevant security standards and regulations (e.g., CIS benchmarks, GDPR, HIPAA).

• Perform regular audits and assessments to identify and address compliance gaps.

6. Incident Response:

• Collaborate with incident response teams to investigate and respond to security incidents.

• Contribute to post-incident analysis and remediation efforts.

7. Documentation and Training:

• Document security procedures, guidelines, and best practices.

• Provide security training and guidance to other teams as needed.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience).

• Proven experience as a Security Engineer with a focus on Kubernetes, container, DevSecOps, and automation.

• Strong knowledge of containerization technologies (Docker, Kubernetes).

• Familiarity with cloud security principles (AWS, Azure, GCP).

• Proficiency in scripting and automation using languages such as Python, Bash, or Go.

• Experience with security scanning tools (e.g., Clair, Trivy, SonarQube, Twistlock).

• Knowledge of DevOps practices and tools (e.g., Jenkins, GitLab CI/CD).

• Excellent problem-solving and communication skills.

• Relevant certifications (e.g., Certified Kubernetes Security Specialist, Certified DevSecOps Engineer) are a plus.