Principal Software Engineer – DevSecOps

About Boomi and What Makes Us Special

Are you ready to work at a fast-growing company where you can make a difference? Boomi aims to make the world a better place by connecting everyone to everything, anywhere. Our award-winning, intelligent integration and automation platform helps organizations power the future of business. At Boomi, you’ll work with world-class people and industry-leading technology. We hire trailblazers with an entrepreneurial spirit who can solve challenging problems, make a real impact, and want to be part of building something big. If this sounds like a good fit for you, check out boomi.com or visit our Boomi Careers page to learn more.

Role and Responsibilities

• AWS Security and IAM:

  • Extensive experience in managing AWS IAM roles, policies, and permissions, ensuring adherence to the principle of least privilege.

  • Proficiency in utilizing AWS security services such as AWS Config, CloudTrail, GuardDuty, and Security Hub for continuous monitoring and compliance.

  • Hands-on experience with AWS Key Management Service (KMS) for encryption key management and data protection.

• Azure Security and Identity Management:

  • Solid understanding of Azure Active Directory (AAD) for identity and access management across Azure resources.

  • Experience with Azure Role-Based Access Control (RBAC) to manage permissions and access to Azure services.

  • Familiarity with Azure Security Center and Azure Policy for assessing and improving the security posture of Azure environments.LinkedIn+3careers-buspatrol.icims.com+3SmartRecruiters+3

• Infrastructure as Code (IaC) and Automation:

  • Proficient in developing and maintaining infrastructure using IaC tools such as Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) templates.

  • Experience in automating security configurations and compliance checks across AWS and Azure environments.

  • Skilled in implementing and managing secrets management solutions like AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault.

• CI/CD Pipeline Security Integration:

  • Expertise in integrating security controls and checks into CI/CD pipelines using tools like Jenkins, GitLab CI/CD, Azure DevOps, or AWS CodePipeline.

  • Experience in automating static and dynamic code analysis (SAST/DAST) to identify and remediate vulnerabilities early in the development lifecycle.

  • Familiarity with containerization and orchestration tools like Docker and Kubernetes, including implementing security best practices.

• Monitoring and Incident Response:

  • Proficient in setting up and maintaining monitoring and alerting systems using AWS CloudWatch, Azure Monitor, and third-party SIEM tools.

  • Experience in developing incident response plans and conducting regular drills to ensure preparedness for security events.

  • Skilled in conducting root cause analysis and implementing corrective actions to prevent future incidents.

• Compliance and Governance:

  • Thorough understanding of industry standards and frameworks such as ISO 27001, SOC 2, PCI DSS, and HIPAA.

  • Experience in maintaining documentation for security policies, procedures, and compliance audits.

  • Stay updated on emerging security threats and cloud security features to proactively address potential risks.

• Vulnerability Management:

  • Hands-on experience with vulnerability assessment tools like Snyk, TruffleHog, and CrowdStrike CSPM to identify and remediate security issues.

  • Ability to prioritize and track remediation efforts to ensure timely resolution of vulnerabilities.

• Collaboration and Training:

  • Proven ability to work closely with development, operations, and security teams to promote a culture of security and shared responsibility.

  • Experience in providing training and guidance on secure coding practices, cloud security, and DevSecOps methodologies.

Technical Must-Know Concepts

• Application Security:

  • In-depth knowledge of secure coding practices, including familiarity with OWASP Top 10 and CWE guidelines.

  • Experience integrating security into the Software Development Life Cycle (SDLC).

• Threat Modeling:

  • Proficiency in threat modeling methodologies such as STRIDE and DREAD.

  • Ability to identify attack surfaces and develop mitigation strategies.

• Cloud Security:

  • Expertise in AWS and Azure security best practices, including IAM, KMS, GuardDuty, and Security Center.

  • Understanding of encryption mechanisms for data at rest and in transit.

  • Experience in hardening cloud resources to prevent unauthorized access.

• Infrastructure and CI/CD Security:

  • Knowledge of securing Infrastructure as Code (IaC) using tools like Terraform and CloudFormation.

  • Experience with secrets management and integrating security scans (SAST, SCA, DAST) into CI/CD pipelines.

• Vulnerability Management:

  • Proficiency in using tools like Snyk, TruffleHog, and CrowdStrike CSPM for vulnerability assessment.

  • Ability to prioritize vulnerabilities based on risk and impact.

• Authentication and Authorization Security:

  • Understanding of OAuth 2.0, OpenID Connect, and Single Sign-On (SSO) principles.

  • Experience in implementing secure authentication and authorization mechanisms.

• Container and Kubernetes Security:

  • Knowledge of container security best practices, including image scanning and hardening.

  • Experience with Kubernetes security features like RBAC and network policies.

• Cryptography Fundamentals:

  • Familiarity with TLS/SSL protocols, encryption standards, and key management practices.

• Security Standards and Compliance:

  • Awareness of frameworks such as NIST, ISO 27001, SOC 2, and PCI DSS.

  • Experience in aligning security practices with compliance requirements.

• DevSecOps Tooling:

  • Proficiency in using CI/CD tools like GitHub, GitLab, and Bitbucket, and integrating security automation into workflows.

Be Bold. Be You. Be Boomi. We take pride in our culture and core values and are committed to being a place where everyone can be their true, authentic self. Our team members are our most valuable resources, and we look for and encourage diversity in backgrounds, thoughts, life experiences, knowledge, and capabilities.

All employment decisions are based on business needs, job requirements, and individual qualifications.

Boomi strives to create an inclusive and accessible environment for candidates and employees. If you need accommodation during the application or interview process, please submit a request to talent@boomi.com. This inbox is strictly for accommodations, please do not send resumes or general inquiries.