About Atato

Atato is a cryptocurrency wallet and custody provider. Our apps let individuals and businesses securely use DeFi, NFTs, and all decentralized applications. Our mission is to enable the next 100 million blockchain users. We partner with ConsenSys, Kaleido and are one of the regional blockchain leaders. Based in Singapore, founded in 2018, atato has delivered flagship digital asset projects in South-East Asia.

Our Benefits

We are remote-first since 2018, and offer attractive compensation including bonuses and stock-options. Our working culture has no set working hours, and unlimited vacation. The team meets quarterly for workshops and outings, and we have quarterly time-off for the whole company. We value our employee’s well being, so providing health insurance from day 1 is our priority. We will also send you a welcome kit, with your own atato merchandise, and your own Macbook (with customised specs) to use for daily work.

The Job

As a Senior DevSecOps Engineer, your key metric is “vulnerability window of exposure” and it will be your primary responsibility to reduce this metric as low as possible. To achieve this, you will be responsible for integrating security tools, logging and visibility into the key phases of CI/CD: pre-commit, commit, acceptance, production and operations. 

You have a broad and deep IDE to prod hands-on familiarity with open source and common commercial tooling in each phase of the CI/CD process. Your knowledge of DevSecOps includes but is not limited to solutions for pre-commit hooks, peer review, IDE plugins, unit tests, dependency management, containers, SAST in commit, DAST in acceptance, IAST/RASP, configuration management, host hardening, smoke tests, secrets management, continuous monitoring, and a working familiarity with post-mortem exercises. You are familiar with suggesting security unit testing to complement happy-path tests and can offer solutions for all stages of CI security. You should have an opinion on, and be able to suggest improvements to, this job requisition.

Your responsibilities

• Responsible for reducing the key metric “window of exposure” of any vulnerability deployed to prod
• Creating Dev(Sec)Ops pipelines from the ground up in a regulated industry
• A subject matter expert in DevSecOps, able to guide less senior DevSecOps engineers 
• Technical ownership of all phases of pipeline and have an immediate impact
• Build visibility into CI/CD for continuous monitoring and recommend logging and visibility solutions
• Write code and tools to speed up complicated workflows and integrate security checks

Our requirements

• Confidence that you match the description of this role and happy to be tested

• Hands-on experience with busy CI/CD environment from security perspective
• A professionally paranoid engineer
• Hands-on experience working with cloud providers such as Google Cloud/AWS
• Hands-on experience with container virtualisation e.g. Docker, K8s
• Passion for cybersecurity in DevOps, situationally aware and up to date with best practices