SecOps Engineer

Who We Are:

CrashPlan® provides peace of mind through easy-to-use, automatic endpoint data backup. We help organizations recover from any worst-case scenario, whether it is a disaster, simple human error, a stolen laptop, ransomware or an as-of-yet undiscovered calamity. We continue to innovate as the landscape of work evolves, which makes CrashPlan foundational to organizations’ data security. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds.

What You Will Be Doing:

We are recruiting for a SecOps Engineer to join our team.  In this role you will work closely with engineering and DevOps to integrate security into every part of our development lifecycle. This is a hands-on role where you’ll wear multiple hats—from threat modeling and secure coding practices to working on security infrastructure and incident response to executing vulnerability scans of product infrastructure. You will address legacy and emerging security issues and implement repeatable secure development practices to reduce the introduction of product design flaws that may lead to exploitation. You will also be responsible for assessing the security of applications for business-to-business initiatives, third-party relationships, and outsourced solutions as well as recommending security controls and best practices, and monitoring and managing secure development practices. 

Note - We are only considering remote candidates in the following states: 

AL, AZ, CA, CO, FL, GA, IL, IN, KS, MA, MD, MI, MN, NC, NJ, NY, OH, SC, SD, TX, UT, VA, WA, WI

• Implement and manage security tools (SIEM, EDR, CSPM, vulnerability scanners, etc.) in cloud-native environments including AWS and Azure
• Collaborate with DevOps and engineering teams to embed security in CI/CD pipelines (DevSecOps)
• Monitor for and respond to security incidents, working within an incident response framework
• Conduct threat modeling, risk assessments, and vulnerability scans across our infrastructure and applications
• Automate security processes and reporting using scripting and Infrastructure as Code (IaC)
• Execute dynamic code analysis and support release testing for product releases
• Work with third-party vendors for penetration testing and audits
• Work closely with Engineering teams to embed security throughout the SDLC (design, code reviews, CI/CD automation)
• Follow a security review process to ensure automated and repeatable processes are managed. This can be through the use of dynamic and static code analysis resources.
• Collaborate with DevOps to harden cloud infrastructure configurations (AWS, Azure)

• 3+ years of experience in SecOps, DevSecOps, application security or a related security engineering role
• Proficiency with cloud infrastructure (e.g., AWS, Azure, Akamai) and cloud security principles
• Solid understanding of modern web app architectures, APIs, and common security risks (e.g., OWASP Top 10)
• Familiarity with DevOps tools and CI/CD pipelines (e.g., GitHub Actions, Jenkins, Terraform)
• Familiarity with infrastructure automation tools (Terraform, Ansible)
• Strong knowledge of Linux, container security (e.g., Docker), and networking fundamentals
• Hands-on experience with SIEMs (e.g. Sumo Logic), EDR, security monitoring and CSPM tools
• Understanding of secure coding practices and common vulnerabilities (OWASP Top 10)
• Scripting skills in Python, Javascript, Bash, or similar
• Experience with cloud security best practices (preferably AWS)
• Excellent communication skills—able to explain security concepts to technical and non-technical audiences

• Relevant certifications (e.g., CISSP, GSEC, OSCP, AWS Security Specialty)
• Experience with security compliance audits (SOC 2, HIPAA, ISO 27001)
• Background in SaaS or multi-tenant cloud environments
• Familiarity with zero trust architecture and modern identity management solutions (e.g., Okta, Azure AD, Entra)