DevSecOps Engineer

Job Description

Who are Tyk, and what do we do?

The Tyk API Management platform is helping to drive the connected world and power new products and services. We’re changing the way that organisations connect any number of their systems and services.Whether internal, external, public or highly encrypted systems, Tyk helps businesses drive value across the retail, finance, telecoms, healthcare, or media industries (to name just a few!) If you’ve banked online, used an app to check the news, or perhaps even driven a connected car, API’s, and by extension, Tyk, make that possible. Founded in 2015 with offices in London - UK, London - Ontario, Atlanta and Singapore, we have many thousands of users of our B2B platform across the globe. Brands using Tyk range from Lotte, Bell, Dominos, Starbucks, to RBS and Societe Generale. We have a varied user base hailing from every continent – even Antarctica.

Our Mission

Tyk are committed to enabling interconnectivity between systems and between devices. We’ve started by building an API Management platform.

Total flexibility, default remote, radical responsibility

We offer unlimited paid holidays and remote working from anywhere in the world, for everyone, Why? Tyk was founded on the principle of offering flexibility and autonomy to our employees, we believe this allows our employees to achieve their best results. It also means we can build the best possible team, location and working hours are no barrier.

If this sounds like an environment that you believe could work for you then read on to find out more:

The role

We are bolstering our Security team, and we are looking for a talented DevSecOps Engineer to join our DevOps team.

Developing and implementing new and innovative security frameworks is key, as is being a consultant to our squad model to build in security first thinking to our actions and our automations. You will look to the horizon constantly, scanning for threats, raising them, and providing strong mitigations to any risks you find.

We want you to own our security policies, keeping them current and up to date, as well as owning the vulnerability list for product and being the key responder to our responsible disclosure programs.

We'd love you to have experience in Golang, but we would consider experience in other languages; and we'd love a motivated self starter who really wants to leave a positive footprint within Tyk - we empower you completely, so a keen ability to set your own direction is key.

Here’s what you’ll be getting up to:

• Owning the vulnerability list for all products
• Responding to bug bounty reports via ZeroCopter
• Creating and mitigating threat and risk analyses - scanning the horizon for potential issues which Tyk can head off proactively
• Mitigation of any known vulnerabilities
• Security audit automation for k8s, AWS and DO assets
• Working closely with squads to ensure security is on the forefront
• Working with penetration testers and red teams
• Supporting ISO 27001/SOC2 audits and advising on any new security accreditations which might be valuable to Tyk and its customers
• Supporting customer facing issues on an ‘by exception’ basis
• Work with the devolved product squads to develop and embed security first thinking in our software delivery lifecycle
• Developing, championing and embedding best in class security frameworks and practices into our squads via a consultative approach
• Creating, owning, and updating Tyk wide security policies, some of which are customer facing
• Working closely with QA functions on developing solid security test frameworks and proactive penetration test schedules

Requirements

Here’s what we’re looking for:

• Configuration management (Ansible, cloud-init, etc.)
• IaaS providers (AWS, Azure, etc.)
• IaC (tf, helm, etc.)
• Container orchestration and development (k8s, rancher, etc.)
• Implementing CI/CD pipelines (Github actions, etc.)
• Writing in English proficiency
• Communication skills to engage at various skill levels
• Supporting agile squads with processes and automation for shifting left on security

Benefits

Here’s why you should join us:

• Everyone has unlimited paid holiday.
• We have total flexibility in hours, as we believe creativity flows better when our people are given freedom to decide when they are most productive. Everyone is unique after all.
• Employee share scheme
• Generous maternity and paternity leave
• Company retreats

We all share the same vision - we value authenticity, respect, responsibility, independence, honesty, diversity and inclusion and most importantly treating others how you wish to be treated. We look for like-minded people who bring their personalities to work everyday, strive to achieve their personal goals and who are willing to challenge the way we do things, why? - to make what we do even better!

Our values tell the story of Tyk - here’s how:

• It’s ok to screw up!

We’ve found that it’s often the ‘stupid’ or unexpected ideas that turn out to be the successful ones - so try it, at least we can say we have!

• The only stupid idea, is the untested one!

It’s in our DNA - starting a business with founders 12 hours apart, giving our gateway away for free - sure, we did that, and we’d do it again!

• Trust starts with you - make it count!

Trust is a two-way street - instill it from day one!

• Assume best intent!

We have each other’s back - we’re all on the same team. Think before you speak or act.

• Make things, better!

Always try to leave things better than when you found them - change is constant, inevitable and embraced! Be that change we want to see.

What’s it like to work here?! check it out: https://tyk.io/worklife/

Tyk is an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.

You can see more about us here https://tyk.io