Security DevOps Engineer

Job Req ID: 24102

About Supermicro:

Supermicro ® is a Top Tier provider of advanced server, storage, and networking solutions for Data Center, Cloud Computing, Enterprise IT, Hadoop/ Big Data, Hyperscale, HPC and IoT/Embedded customers worldwide. We are the #5 fastest growing company among the Silicon Valley Top 50 technology firms. Our unprecedented global expansion has provided us with the opportunity to offer a large number of new positions to the technology community. We seek talented, passionate, and committed engineers, technologists, and business leaders to join us.

Job Summary:

Super Micro Computer, Inc. is currently seeking a Security DevOps Engineer who ensure that the websites are reliable, performant, and can scale to meet the challenges that serving over billion customer presents. Automation is the key to meeting our demands; you will be responsible for conceiving, developing, and deploying systems, VMs, Web products and tools to keep the websites running reliably and efficiently.

Essential Duties and Responsibilities:

1.     Perform website code scanning, vulnerability analysis, and penetration testing to assess security risks.

2.     Plan and execute the Software Security Development Life Cycle (SSDLC) process.

3.     Provide expert security recommendations to assist the team in improving website security.

4.     Adhere to the company's Information Security Department policies and procedures.

Qualifications:

1.     Bachelor’s degree in computer science, information technology, or a related field.

2.     Minimum of 5 years of relevant experience in website security (website code scanning, vulnerability analysis, and penetration testing) and successfully identified exploitable vulnerabilities.

3.     Familiarity with the Software Security Development Life Cycle (SSDLC) process.

4.     Familiarity with website architecture and knowledge of related security configurations and protections.

5.     Experience in code reviews.

6.     Prior experience in PHP website development is a plus.

7.     OSCP, LPT or similar certification is preferred.

8.     Experience with the implementation of Information Security Management Systems (ISMS) or Personal Information Protection Management Systems (PIMS) is preferred.

9.     Experience in handling security incidents or conducting digital forensics is preferred.