Atato is a cryptocurrency wallet and custody provider. Our apps let individuals and businesses securely use DeFi, NFTs, and all decentralized applications. Our mission is to enable the next 100 million blockchain users. We partner with ConsenSys, Kaleido and are one of the regional blockchain leaders. Based in Singapore, founded in 2018, atato has delivered flagship digital asset projects in South-East Asia.
We are remote-first since 2018, and offer attractive compensation including bonuses and stock-options. Our working culture has no set working hours, and unlimited vacation. The team meets quarterly for workshops and outings, and we have quarterly time-off for the whole company. We value our employee’s well being, so providing health insurance from day 1 is our priority. We will also send you a welcome kit, with your own atato merchandise, and your own Macbook (with customised specs) to use for daily work.
As a Senior DevSecOps Engineer, your key metric is “vulnerability window of exposure” and it will be your primary responsibility to reduce this metric as low as possible. To achieve this, you will be responsible for integrating security tools, logging and visibility into the key phases of CI/CD: pre-commit, commit, acceptance, production and operations.
You have a broad and deep IDE to prod hands-on familiarity with open source and common commercial tooling in each phase of the CI/CD process. Your knowledge of DevSecOps includes but is not limited to solutions for pre-commit hooks, peer review, IDE plugins, unit tests, dependency management, containers, SAST in commit, DAST in acceptance, IAST/RASP, configuration management, host hardening, smoke tests, secrets management, continuous monitoring, and a working familiarity with post-mortem exercises. You are familiar with suggesting security unit testing to complement happy-path tests and can offer solutions for all stages of CI security. You should have an opinion on, and be able to suggest improvements to, this job requisition.
Responsible for reducing the key metric “window of exposure” of any vulnerability deployed to prod
Creating Dev(Sec)Ops pipelines from the ground up in a regulated industry
A subject matter expert in DevSecOps, able to guide less senior DevSecOps engineers
Technical ownership of all phases of pipeline and have an immediate impact
Build visibility into CI/CD for continuous monitoring and recommend logging and visibility solutions
Write code and tools to speed up complicated workflows and integrate security checks
Hands-on experience with busy CI/CD environment from security perspective
A professionally paranoid engineer
Hands-on experience working with cloud providers such as Google Cloud/AWS
Hands-on experience with container virtualisation e.g. Docker, K8s
Passion for cybersecurity in DevOps, situationally aware and up to date with best practices