DevSecOps Engineer
- NorthMark Strategies LLC
- Dallas, TX
- 10mo ago
- Full-Time
- On-site
The Company
NorthMark Strategies is a leading investment firm, combining capital, innovation, and engineering to drive long-term value. From operating complex businesses to backing breakthrough technologies, our mission is to build enduring businesses. Our team combines intelligent risk-taking, operational excellence, exceptional talent, and world-class computing capacity to create shareholder value.
Our company offers a dynamic environment where individuals have the freedom to lead companies toward bold achievements by embracing innovation, leveraging technology, and fostering differentiated business strategies. Our values are Integrity, Ability, and Energy, and the company aims to hire individuals who possess those qualities.
At NorthMark Strategies, we believe the future isn’t something to hope for; it’s something to build. We don’t just invest, we create, bringing together strategic insight and technical horsepower to deliver outcomes that endure.
Position
The Information Security team is responsible for the oversight and execution of Enterprise’s Information Security, Business Continuity and Risk Management programs to support our business goals. This includes, but is not limited to, security operations, vulnerability and patch management, incident response, disaster recovery, risk identification and mitigation planning / implementation, identity management, network security, privacy, and compliance. The position of DevSecOps Engineer will report to the Director, Security Architecture and will focus on developing and building solutions for the Security Organization. In this role, you will build and develop platforms and solutions to streamline and enhance Security Engineering. You will often take part in design and code reviews and offer direction to ensure project scoping activities match architectural goals and specifications. In addition, you will partner closely with development teams to introduce security capabilities and processes into the software development lifecycle, while promoting a ‘Secure by Design’ approach. Lastly, you will work on cross-team projects, such as threat surface reduction and vulnerability management.
Responsibilities:
Tool Selection and Implementation: Research, evaluate, and implement security tools and technologies to enhance, automate, or introduce new security capabilities across the organization. This includes, but is not limited to, SCA, SAST, DAST, CI/CD, and additional automation tooling.
Tool Integration & Automation: Develop automation scripts and integrate security tools into existing workflows to improve operational efficiency, reduce human error, and ensure continuous monitoring and mitigation of vulnerabilities.
Develop and Build Solutions: Work within the security team to develop and build solutions that will move the organization forward in new ways. Partner with other technology teams to develop and build security controls.
Automate to Scale: Leverage your background to identify processes and workflows to automate.
Security Monitoring: Continuously monitor the performance and effectiveness of deployed security tools and solutions, ensuring that they are configured optimally to detect and respond to emerging threats and vulnerabilities, and that they are performing as expected. Identify ways to make security transparent within the organization through dashboards.
Vulnerability Management: Collaborate with cross-functional teams to manage and prioritize vulnerabilities detected by the security team or within CI/CD security tools. Work with engineering teams to ensure timely patching, remediation, and secure configuration of systems.
Application Security: Participate in code and architecture reviews, and work with Product and Development teams to select secure and preferred development libraries. Provide guidance on secure application design patterns and collaborate with application teams to identify best practices within code. Help lead training requirements for secure coding practices within the organization.
Data Correlation & Analysis: Use tools to gather and correlate data to identify potentially bad coding practices or designs.
Incident Response: Support the incident response team by leveraging security tools to investigate, identify, and mitigate vulnerabilities or weaknesses that may have been exploited during an attack.
Documentation & Reporting: Document tool configurations, processes, and procedures to ensure repeatability and maintainability of attack surface reduction initiatives. Provide regular reports and metrics to leadership on the status and effectiveness of security tools.
Continuous Improvement: Stay up-to-date on the latest security trends, vulnerabilities, and new tools that can enhance attack surface reduction efforts. Recommend improvements and new technologies to continuously evolve the security program.
The ideal candidate would also have experience with Public and Private Cloud, Container Orchestration, and a good understanding of Kubernetes and Docker. This role is perfect for someone seeking to establish and own a DevSecOps Program.
Requirements:
Bachelor’s degree in Computer Science, Information Security, or a related field.
5+ years of experience in an Infrastructure, Security, or DevOps/DevSecOps role, with an Application Security or Software Engineering background.
Hands-on experience with GitHub, GitHub Actions, containers, APIs, and Terraform. Familiarity with DAST, SAST, SBOM, and SCA tools.
Strong experience in configuring and integrating with on-prem estates (e.g., data centers) and multi-cloud environments (AWS, Azure, GCP).
Knowledge of automation tools and scripting languages (Python, Bash, PowerShell, etc.) to automate workflows, integrate security tools, and build solutions.
Experience assessing and hardening Kubernetes and container environments.
Experience integrating DevSecOps tooling into development pipelines to improve the security of internally developed software as well as Infrastructure as Code.
Experience in implementing enterprise-wide vulnerability management solutions, including container-based vulnerability management.
Self-starter who demonstrates strong ownership of their domain.
Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
High level of personal integrity, and the ability to professionally handle confidential matters.
Natural passion for security and ownership, with strong drive to develop and identify solutions, while working to move projects and investigations to completion.
It is impossible to list every requirement for, or responsibility of, any position. Similarly, we cannot identify all the skills a position may require since job responsibilities and the Company’s needs may change over time. Therefore, the above job description is not comprehensive or exhaustive. The Company reserves the right to adjust, add to or eliminate any aspect of the above description. The Company also retains the right to require all employees to undertake additional or different job responsibilities when necessary to meet business needs.
Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Benefits & Perks:
Company-Paid Benefits: 100% Employer-Paid Medical in our High Deductible Health Plan, Dental and Vision benefits for employees and their families, 16 weeks of Paid Parental Leave, Employee Assistance Program, Life insurance, Short-Term Disability and Long-Term Disability
401(k): Company will match 100% of your contributions up to 6%
Optional Employee-Paid Benefits: Medical insurance in our PPO plan and a variety of other benefits such as Health Savings Accounts (with Company Contribution!), Flexible Spending Accounts, Supplemental Life Insurance, Wellhub and more.
Time Off: 25 days of Paid Time Off plus 12 company holidays
EQUAL OPPORTUNITY EMPLOYER
NORTHMARK STRATEGIES LLC IS AN EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER. THE COMPANY'S POLICY IS NOT TO DISCRIMINATE AGAINST ANY APPLICANT OR EMPLOYEE BASED ON RACE, COLOR, RELIGION, NATIONAL ORIGIN, GENDER, AGE, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, MARITAL STATUS, MENTAL OR PHYSICAL DISABILITY, AND GENETIC INFORMATION, OR ANY OTHER BASIS PROTECTED BY APPLICABLE LAW. THE FIRM ALSO PROHIBITS HARASSMENT OF APPLICANTS OR EMPLOYEES BASED ON ANY OF THESE PROTECTED CATEGORIES.