Senior DevSecOps Engineer

Hiring at

ORCID

How to apply

Copied e-mail address!

Overview

Engineering Information & Technology

–

Mid Senior

–

Full-time

–

UTC -12 to 14

Available anywhere

See all countries

nopreference

🇵🇸 This job hires Palestinians through our partner Techtative

Salary

Not disclosed

Deadline

1970-01-01

January 1, 1970

Not specified

No Deadline, Requires Travel

Share this job!

Company Description

ORCID is a mission-driven, member-supported, community-governed non-profit organization. Our vision is a world where all who participate in research, scholarship, and innovation are uniquely identified and connected to their contributions across disciplines, borders, and time. Every one of ORCID’s employees is committed to that vision as well.
We believe in and operate by our three values. ORCID strives to be:

Inclusive: We make decisions collaboratively, involving our staff, Board, those who support our mission, and the researchers and community that are the purpose of our work. We take a global view.
Trusted: Privacy and researcher control underscores everything we do.
Open: Our work is open, transparent, and non-proprietary.

Where We’re Located

As a fully-remote organization serving researchers everywhere, ORCID is able to hire talented individuals all over the globe, and we aim to have our people located in the communities that we serve. Members of our tech team are based in the following countries (but we welcome applicants from all locations, even if not listed here):

Costa Rica
Lithuania
Mexico
Portugal
Spain
UK

Our Culture

ORCID has been a global, 100% remote organization since our founding in 2012. This has enabled us to build a team of the best and brightest minds in the industry. ORCID staff are curious and collaborative, and we strive to maintain a culture of learning. We offer programs like individually-focused professional development planning, monthly “Food for Thought” learning sessions on a wide variety of topics, and access to a digital learning platform, Udemy for Business. We are flexible and family-friendly, allowing staff to shift their schedules as needed, flex their time across the calendar month, and take an hour-long paid break each day (not to mention OFF– see the benefits we provide below).
As an organization, we are committed to diversity, equity and inclusion (DEI). We invite you to read our DEI statement and principles as well as learn about internal and external DEI initiatives we support here. As a fully remote organization, we also have an active committee dedicated to making our individual remote experiences as positive and productive as possible. Read more about our culture here.
Although we are geographically diverse, we are a small, cohesive community dedicated to our mission and to each other
As an open organization valuing trust and transparency, we have a privacy policy describing how we handle applicant, employee and contractor data that we invite you to review if interested.

Go to website

ORCID is seeking an experienced and enthusiastic professional for the position of fully remote Senior DevSecOps Engineer**.** If you like the flexibility of a remote organization and the public-service orientation of a non-profit, join us on our mission to connect research and researchers!

ORCID is seeking a Senior DevSecOps Engineer to serve as an technical advisor and implementor to ensure the ongoing security of ORCID products and service offerings. The Senior DevSecOps Engineer reports directly to the Director of Technology but is also functionally accountable to the Director of Operations and the Director of Product as seamless, matrixed partnership across ORCID units will be key to the success of this role.
This position is full time (40 hours/week) and, like all positions at ORCID, is fully remote. Candidates must be able to work during Europe or Americas standard business hours (Mon-Fri) with at least four hours daily between 1300-2000 UTC, with some recurring meetings between 1400 – 1700 UTC. Outside of these parameters, ORCID offers flexibility with your schedule.

Responsibilities

Work with ORCID senior staff, product, technology, and devops teams to identify the right architecture to ensure the secure implementation of new solutions, products and modules.
Develop, implement and maintain product security strategy for the ORCID product portfolio
Conduct complete lifecycle security architecture and technical assessments for a wide range of product infrastructure, databases, web applications, and internal/SaaS software solutions.
Identify and work with the ORCID product and technology teams to mitigate security risks in the product and infrastructure.
Collaborate with the product and technology teams to ensure security best practices are integrated into the development lifecycle (SDLC) to reinforce “security by design” concepts.
Provide guidance and leadership on best practices regarding security in software and product development.
Analyse and prioritise vulnerabilities identified by developers, customers, testers, as well as automated static and dynamic application security testing. Work closely with developers to remediate in alignment with the identified risk to ORCID systems, users, and data.
Implement or guide the implementation of common application security controls
Ensure privacy requirements are implemented through data protection and security technology both within ORCID products and internal/SaaS tools.
Work with the ORCID operations team on the selection and secure configuration of internal/SaaS tools.
Identify and work with the ORCID operations team to mitigate security risks in internal and SaaS tools.
Provide training and education to developers on software security best practices.
Participate in the on call rotation for out of hours support, and respond to extraordinary situations or technical emergencies

Requirements and Qualifications

Required Skills:

Proven experience as a DevSecOps engineer or similar role involving securing a user-facing product. (4-6 years)
Experience translating OWASP Top 10 into practical development imperatives and applying to product infrastructure (4-6 years)
Knowledge of and experience with best practices in the union of security engineering and DevOps (2-3 years)
Experience with cloud services (e.g. AWS), their native services, and security features. (3-4 years)
Experience securing databases including access control and encryption whilst maintaining performance (2-3 years)
Experience with integration and release pipelines and the security of tools such as GitHub Actions or other similar modern CI platform (2-3 years)
Familiarity with the security of containerisation technologies such as Docker and Kubernetes. (2-3 years)
Knowledge of Terraform, network security architectures, network access controls, and secure network design. (2-3 years)
Strong problem-solving skills
Ability to work well in teams and across the organisation.
Self-starter. Ability to define the problem at hand, recommend solutions, and drive to results
Strong communication skills, with the ability to explain complex concepts to colleagues across an entire range of technical capabilities from non-technical to highly-technical.
Fluency in English required. Additional languages a plus.
Ability to travel based upon business needs (less than 10%)

Nice to have:

Previous experience in enterprise security tools
Proficiency with securing and addressing security issues within programming languages such as Python or Java. (3-4 years) Previous experience as a practising developer is an additional plus.

We provide:

A family-friendly, flexible working environment, including:

Flexible work hours and the ability to work fully from home (when not traveling)
A committed and awesome team serving a community-driven organization
Competitive compensation & benefits, including a generous annual leave allowance, leave for Family & Compassionate Care, and an ORCID-wide closure (day off) the Fourth Friday of each month
A continuous learning environment with opportunities for training & professional development
Tools to support our virtual office environment, including a budget to choose your preferred laptop and a monthly remote working stipend.
An annual in-person all staff retreat plus optional virtual social events throughout the year.

Compensation

ORCID’s compensation strategy considers an applicant’s skills and experience, geographic location, as well as internal equity when assessing salary. Because we are remote and hire all over the globe, our salary ranges will vary by location for any given role.

How to apply

Copied e-mail address!

Please submit your CV and a cover letter. In your cover letter, outline how your experience aligns with the roles and responsibilities of this position. ORCID encourages applicants who meet some, but not all of the requirements and qualifications, to apply.

No Visa Jobs is Going on Hiatus

starting Aug. 30th

Dear No Visa Jobs Community,

We want to share that No Visa Jobs will be going on hiatus as we take time to reflect on our journey and evaluate the best ways to continue our mission of connecting global talents with global companies.

This pause will allow us to explore new opportunities and strategies to better serve our community in the future.

We deeply appreciate the support, collaboration, and enthusiasm that you have all contributed to this platform. Thank you for being a part of the No Visa Jobs community.

Warmest regards,

The No Visa Jobs Team

We Are on Hiatus

No Visa Jobs is currently on hiatus as we take time to reflect and realign our mission. We appreciate your support and look forward to sharing updates with you soon.

Stay connected—sign up to be notified when we’re back: