Careers at Cosive

Security / Devops Engineer

Job Description

2025.02.17

Cosive is looking for a mid to senior-level Security / Devops Engineer to help design, build, and support security-related software, provide security consulting services to clients, and be a technical Subject Matter Expert (SME). 

This role requires a high level of experience in software development, ideally including Typescript and C#, with cybersecurity domain knowledge as well as the ability to communicate well. 

It also includes diagnosing and resolving operational issues for software and infrastructure for systems we operate. Experience with system administration, cloud platform deployments on AWS, and infrastructure as code (IaC) will be highly regarded.

Important: Only Australian or New Zealand residents will be accepted for this role, and the successful candidate must undergo a police check before the position will be offered to them.

About Cosive

What we do

Cosive is a specialist consultancy for security operations (SecOps) and cyber threat intelligence (CTI). We offer cybersecurity consultancy services, perform custom software development, run training courses, resell some select products, and notably we develop our own software service offerings: CloudMISP, MalwareZoo, Antifraud, and EntityTracker.

We have a strong software development and engineering capability underpinning our SecOps and CTI services that we are hiring a new team member for.

We seek an experienced software developer with ingenuity and pragmatism who has built substantial software systems, carried out open source software deployments, designed and built integrations and utility scripting, made use of Amazon Web Services and done some interesting projects in between.

Our approach

We operate as a trusted partner with our clients, working together to help them improve their security posture over time. We build close relationships with our clients and often work with them over multiple engagements over multiple years. Honesty, integrity, and trust are core values of our business.

We are a fully virtual company, with all staff working remotely from home or a co-working space if preferred. We are primarily based in Australia and New Zealand. All communications are carried out via chat room, email, and videoconferencing.

We often deal with international overseas companies. This fact means that occasionally you may be required to start early or work late in order to attend a meeting involving someone from another timezone. This is one of the reasons we have a flexible working hours policy for staff to enable them to build their work schedule around their own lifestyle. Domestic and international travel may occasionally be required to support our customers or attend conferences.

Cosive’s value stems from our people and their talent. We have a staff-first approach to workloads and the engagements we take on and we respect that each of the members of our team are experienced, capable professionals with a life outside of work. We don’t clock-watch or micromanage our team; we rely on everyone’s ability to work autonomously and collaborate when necessary to achieve good outcomes. We expect staff to be proactive and self-driven, and to always be looking for ways to contribute positively to our team.

We want you to gain as much from working at Cosive as Cosive gains from your skills, so we provide staff training opportunities, both internal and external, to ensure that your skills stay relevant and that you can eventually take that next step in your career.

We care about our staff's wellbeing. We know the impact that the stress of intensive work can have on people. This is why for the last few years, we've been giving each staff member an extra day of leave each month to use for their mental health in addition to their annual leave. We call this the Cosive ME day. Please note the Cosive ME day is an additional gift provided by Cosive and is discretionary, and does not form part of your standard remuneration package.

You can get a bit more insight into how we work here. 
‍

Security / Devops Engineer Job Duties

Security / Devops Engineers at Cosive contribute to a variety of tasks, including developing and maintaining our software products, responding to operational issues in our systems, assisting with client engagements, and contributing to internal projects.

Depending on your particular experience and aptitudes, projects may involve software development, software support, infrastructure planning and deployment using infrastructure as code (IaC), security automation, project management, developing technical materials, system administration, or other security-related tasks. The work is challenging and varied, and will expose you to many different technologies. You will also have a chance to contribute your experience to improve the way that Cosive operates.

Interactions will be between collaborating with other Cosive staff, and engaging with Cosive customers both remotely and occasionally on-site.

While we perform the large majority of our engagements remotely, there may occasionally be a requirement to travel domestically or internationally to attend client sites to perform work, primarily in Australia and New Zealand. Similarly there may infrequently be a need to attend company meetings at locations chosen by Cosive. There may also be opportunities to attend security conferences within Australasia and internationally.

Work hours are nominally Australian or New Zealand office hours of 9am-5pm, with flexible working hours available if requested. Please note, you may be required to start early or work late in order to attend a videoconference involving someone from another timezone and we expect our staff to accommodate that requirement where possible.

Your responsibilities

• Development of software in Typescript, C#, Python, depending on your skillset
• Maintenance and operational support of Cosive software and SaaS services including CloudMISP, MalwareZoo, Antifraud, and EntityTracker
• Developing software deployment patterns and code for AWS infrastructure using CDK with Typescript
• Technical consulting which may include security system integration design, tooling analysis, data analysis, advisory services, proof of concept development
• Develop proof of concepts for new ideas, tools, and concepts
• Help improve Cosive internal processes
• Stay across software and software security best practices
• Provide guidance and help to other Cosive staff
• Any other tasks as required.

What we expect from you

Essentials

The primary skills we need you to have.

• Strong software development skills, ideally including one of TypeScript, C#, or Python.
• Experience with operating systems for development and / or system administration. Linux is a primary platform but Windows in enterprise scenarios is also valuable, particularly for Windows enterprise security.
• Experience with cloud platforms, ideally Amazon Web Services (AWS).
• Security-focused skills such as secure software development, the use of cryptographic protocols, securing infrastructure, and common threats to software systems.
• High autonomy and the ability to work without supervision.
• Proactiveness and self-drive to always look for something to accomplish.
• Excellent collaboration skills using remote working technologies.
• Excellent client-facing and internal communication skills.
• Ability to self-educate and learn new technologies and technical concepts.
• Outstanding organisational and time management skills.
• Great attention to detail and multitasking skills.
• Flexibility to handle changes to processes and procedures as we grow.
• Proven working experience as a mid to senior-level technical resource.

Desirable

A list of skills that we'd like to have. Feel free to apply even if you don't have any of these skills.

• Experience with Infrastructure as Code (IaC) (e.g., CDK, CloudFormation, Terraform).
• Experience in the cyber security domain, particularly for systems and integration work.
• Experience with MISP, Threat Intelligence Platforms (TIPs), SIEMs and similar technologies.

What kinds of things will you be working on?

There are many possibilities but to give an idea, some of the many things we've worked on in the past at Cosive:

• Helping to build national and sector-based CTI sharing platforms using MISP and STIX/TAXII
• Helping SOC and CTI teams work out how to better use tooling and their team to get better outcomes
• Designing, building, and supporting cloud-based MISP and AssemblyLine platforms on AWS as well as systems of our own design to suit the needs of SecOps and intel teams
• Improving the way we perform devsecops and devops within Cosive
• Giving pragmatic advice on better leveraging tooling like MISP, TIPs, and SIEMs to get improved outcomes
• Integrating security tooling together using custom designed integrations
• Evaluating and experimenting with new technologies that might be useful to our mission

Contact & How to Apply

Please note: due to the nature of the work that Cosive Pty Ltd is involved in, candidates will be required to complete a police check as part of the job offer process.

If you would like to apply for this role, or are interested in finding out more about this opportunity, please contact us at:

Email: info@cosive.com
Phone: +61 402 646 653 (Chris Horsley)

Applications close 26 February 2025.