DevSecOps Engineer

Remote - EMEA / Engineering

Who are Tyk, and what do we do? 

The Tyk API Management platform is helping to drive the connected world and power new products and services. We’re changing the way that organisations connect their systems and services. Whether internal, external, public or highly encrypted systems, Tyk helps businesses drive value across multiple industries. If you’ve banked online, used an app to check the news, or even driven a connected car, API’s, and by extension, Tyk, make that possible. Founded in 2015 with offices in London, Atlanta and Singapore, we have many thousands of users of our B2B platform across the globe. Brands using Tyk range from Singapore Post to global organisations like the Financial Times, and Starbucks.

Our Mission

The internet started by connecting mainframes, by the end of the 20th century 600m desktop and laptop computers exchanged email and web-traffic. Today around 15 billion ‘things’ are connected to the internet, growing at a rate of a billion per year. Tyk are committed to enabling interconnectivity between systems and between devices. We’ve started by building an API Management platform.

Total flexibility, default remote, radical responsibility

We offer unlimited paid holidays and remote working from anywhere in the world, for everyone – for real. Why? Tyk was founded on the principle of doing things differently and offering flexibility and autonomy to our employees are two principles that, we believe, allow our employees to achieve their best results. It also means we can build the best possible team, location and working hours are no barrier. If this sounds like an environment that you believe could work for you then read on to find out more:

What can you do with us?

We are bolstering our Security team, and we are looking for a talented DevSecOps Engineer to join our DevOps team.

Developing and implementing new and innovative security frameworks is key, as is being a consultant to our squad model to build in security first thinking to our actions and our automations. You will look to the horizon constantly, scanning for threats, raising them, and providing strong mitigations to any risks you find.

We want you to own our security policies, keeping them current and up to date, as well as owning the vulnerability list for product and being the key responder to our responsible disclosure programs.

We’d love you to have experience in Golang, but we would consider experience in other languages; and we’d love a motivated self starter who really wants to leave a positive footprint within Tyk – we empower you completely, so a keen ability to set your own direction is key.

Here’s what you’ll be getting up to:

  • Owning the vulnerability list for all products
  • Responding to bug bounty reports via ZeroCopter
  • Creating and mitigating threat and risk analyses – scanning the horizon for potential issues which Tyk can head off proactively
  • Mitigation of any known vulnerabilities
  • Security audit automation for k8s, AWS and DO assets
  • Working closely with squads to ensure security is on the forefront
  • Working with penetration testers and red teams
  • Supporting ISO 27001/SOC2 audits and advising on any new security accreditations which might be valuable to Tyk and its customers
  • Supporting customer facing issues on an ‘by exception’ basis
  • Work with the devolved product squads to develop and embed security first thinking in our software delivery lifecycle
  • Developing, championing and embedding best in class security frameworks and practices into our squads via a consultative approach
  • Creating, owning, and updating Tyk wide security policies, some of which are customer facing
  • Working closely with QA functions on developing solid security test frameworks and proactive penetration test schedules

Here’s what we’re looking for:

  • Configuration management (Ansible, cloud-init, etc.)
  • IaaS providers (AWS, Azure, etc.)
  • IaC (tf, helm, etc.)
  • Container orchestration and development (k8s, rancher, etc.)
  • Implementing CI/CD pipelines (Github actions, etc.)
  • Writing in English proficiency
  • Communication skills to engage at various skill levels
  • Supporting agile squads with processes and automation for shifting left on security

Benefits:

Our early stage team members are shaping our business, there is an attractive package based on experience and performance that includes share options. Everyone has unlimited paid holiday. We have total flexibility in hours, so plan your day around your commitments to ensure you can give your best at work and at home. You will work with a talented, and passionate team of industry experts, who are developing a cutting-edge product that is driving change and innovation within startups and household names alike. We’re a distributed team. Work from our offices during induction if you want, once you are up to speed, you can work from home, a cafe, wherever you get your best work done, we’ll support you in making that happen. The best software and hardware available – we are prime movers in “The New Stack”, our setup reflects that. We are growing rapidly and are looking for team members keen to grab hold, accelerate that further and shape our future.

What’s it like to work here?! check it out: https://tyk.io/worklife/

Tyk aims to be an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.

You can see more about us here https://tyk.io

Apply Now