logo inner

Lead DevSecOps Engineer

SmarshPortland, Oregon, United States | Atlanta, Georgia, United States | Pleasanton, New York, United States | Remote, Hybrid, Onsite
This job is no longer open

Who are we?


Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines.  Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc.

5000 list of fastest-growing American companies since 2008.SummaryThe Lead Security Engineer a member of our InfoSec team charged with developing the systems, policies, and procedures for delivering our services securely in line with our organization's security strategies. This role involves providing guidance on security architecture, conducting risk assessments, and assisting the design of complex security solutions. You'll work closely with cross-functional teams to embed security into the software development lifecycle, define and enforce security policies, and lead incident response efforts.

How will you contribute?


  • Provide guidance on security architecture, technologies, and best practices under the direction of senior security staff.
  • Assist in the design and implementation of security solutions for hosts, databases, applications, and APIs.
  • Perform risk assessments, security reviews, and threat modeling for important projects and systems, under supervision.
  • Work with cross-functional teams to facilitate the integration of security into the software development lifecycle, including CI/CD pipelines.
  • Help enforce security policies, standards, and procedures, ensuring compliance with industry regulations and internal requirements.
  • Support the response and forensic investigation of significant security incidents.
  • Assist in the deployment of advanced security measures such as zero-trust architectures, intrusion detection systems, and threat hunting strategies.
  • Work alongside Security Architects to evaluate security controls and technologies for various systems and applications.
  • Provide expertise in security discussions with internal stakeholders and, where needed, with customers, partners, and regulatory bodies.
  • Contribute to security automation initiatives to enhance process efficiency and reduce manual tasks.
  • Participate in red team exercises and vulnerability assessments to help identify system and application weaknesses.
  • Engage with leadership to ensure that security initiatives support business objectives and strategies.
  • Stay updated with the latest security threats and trends by attending industry forums, conferences, and participating in research activities.
  • Support legal and compliance teams to ensure compliance with privacy laws and data protection standards.
  • Assist in the development and updating of incident response plans, playbooks, and communication strategies.
  • Evaluate new security technologies and tools, providing recommendations to enhance security.
  • Support the organization during audits and compliance assessments.
  • Help create and maintain comprehensive security documentation and training materials for various audiences.
  • Assist in educating developers on secure coding practices, facilitate workshops, and offer guidance on secure code writing to reduce vulnerabilities.
  • Contribute to the design and implmentation of security measures that address continuity and disaster recovery planning.

What will you bring?


  • A Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent combination of education and relevant experience.
  • A minimum of 7+ years of IT experience, with 5+ years of dedicated security experience.
  • Practical experience in designing and implementing security solutions, including firewalls, intrusion detection systems, authentication systems, etc.
  • Strong understanding of network security, network technologies, and monitoring tools.
  • Significant experience in conducting automated security tests, with a good understanding of industry standards such as NIST controls.
  • Capable of delivering security tests across CI/CD pipelines using various testing methodologies (SAST, DAST, runtime testing).
  • Experience in developing security practices for multiple Infrastructure-as-a-Service (IaaS) platforms (AWS, GCP, Azure, vSphere).
  • Familiarity with container technologies and orchestration platforms such as Docker, Kubernetes, Cloud Foundry.
  • Experience with configuration management technologies (Puppet, Chef, SaltStack, etc.).
  • Strong knowledge of both Linux and Windows platforms.
  • Understanding of build and packaging processes in a Linux/Java environment (Maven, rpm, etc.).
  • Programming and scripting skills (Python, Ruby, GO, Bash, etc.).
  • Ability to discuss and articulate more technical and complex security topics (in addition to risk management concepts and the process of risk assessments).
  • Exhibit good judgement in managing workload, including when to communicate project risks.
  • In-depth understanding of cybersecurity principles, practices, and methodologies.
  • Familiarity with common cyber threats, attack vectors, and vulnerabilities.
  • Experience securing cloud environments, such as AWS, Azure, or Google Cloud.
  • Proficient with incident response procedures and best practices.
  • Expert with vulnerability management tools and practices.
  • Knowledge of cryptographic protocols and key management.
  • Proficiency in scripting languages (e.g., Python, PowerShell) to automate security tasks.
  • Dedication to staying updated with the latest security trends, tools, and techniques.
  • Proficiency in creating clear and comprehensive security documentation, reports, and procedures.
  • Familiarity with relevant regulations (GDPR, HIPAA, etc.) and industry standards (ISO 27001, NIST).
  • Effective communication skills to collaborate with cross-functional teams and convey security concepts to non-technical stakeholders. Work Authorization/Security Clearance (if applicable)
    • We are not providing sponsorship at this time.

$140,000 - $160,000 a yearThe above salary range represents Smarsh's good faith and reasonable estimate of the range of possible base compensation at the time of posting. Any applicable bonus programs will be discussed during the recruiting process. The salary for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, location, specialty and training. Local cost of living assessments are done for each new hire at the time of offer.

About our culture


Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success.

Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.Apply for this job

This job is no longer open

Life at Smarsh

Smarsh® delivers cloud-based archiving solutions for the information-driven enterprise. The Smarsh platform provides a unified compliance and e-discovery workflow across the entire range of digital communications, including email, public and enterprise social media, websites, instant messaging and mobile messaging. With Smarsh, you can search and review all of your content in one place, creating efficiency and peace of mind. Founded in 2001, Smarsh helps more than 20,000 organizations meet regulatory compliance, e-discovery and record retention requirements. The company is headquartered in Portland, Ore. with offices in New York City, Atlanta, Boston, Los Angeles and London. For more information, visit www.smarsh.com, follow @SmarshInc on Twitter or like Smarsh on Facebook at www.facebook.com/SmarshInc.
Thrive Here & What We Value1. Healthcare insurance2. Personal time off3. 401K Match4. Sabbatical program5. Recognition for a job well done6. Equal Opportunity and Affirmative Action Employer7. Collaborative Environment8. Global Organization9. Values Diversity10. Commitment to Developing People
View more
Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2024