DevOps / DevSecOps Engineer at (Poly)Swarm Technologies, Inc



San Diego, CA


Join the Swarm

At Swarm Technologies, Inc, we're developing innovative solutions to age-old information security problems - and we need your help.

At its core, PolySwarm is market design enabled by Ethereum smart contracts. We are (literally) programming a marketplace that will produce crowdsourced threat intelligence (malware detection today, more tomorrow).

You're in on the ground floor - you'll have a say in what we do and how we do it. By joining Swarm Technologies, you'll be joining a dynamic team on the bleeding edge of information (computer) security and blockchain - answering questions few have thought to ask.

As a Dev(Sec)Ops Engineer at PolySwarm, you will be critical to making PolySwarm a reality. Senior hires will be entrusted with broad decision-making responsibility concerning infrastructure, deployment, scale, access control, continuous integration and much, much more. This is a unique opportunity to shape DevOps processes for a growing company in an exciting intersection between Information Security (InfoSec) and Blockchain technology.

Current Real-World Challenges

* We need to securely provision, revoke and manage secrets: SSH & API keys, Ethereum wallets and more. These secrets are used in various contexts by our various projects. How do we provision access in a seamless manner that scales with the number of authentication methods a given individual requires?
* Is a blue / green paradigm best for deploying (and upgrading) various test networks ("testnets") used for onboarding security experts to our platform? These testnets run Ethereum chains & isolated IPFS nodes, among other things. If this paradigm is desirable, how do we best go about implementing it?
* We need to manage access and load balance requests across various testnets & "sidechains" with partially overlapping user sets. It would be great if this load balancing was hidden behind a single highly available REST endpoint and traffic was routed to the correct place based on the URI e.g. GET /<testnet_id>/<artifact_id>. How should we load balance such requests, handle authorization and ensure the availability of the endpoint?
* Our build process for release binaries is manual at the moment. We'd like to produce Electron applications for Windows, macOS and Linux automatically, tied to our CI process and specific branch naming convention. How do we best accomplish this? How should we best manage CI processes across multiple OSes?

Notes on our Current Process

* Development has been migrated from an internal GitLab instance to GitHub:
* Continuous Integration is still being handled by GitLab external CI with webhooks into our various GitHub repos
* Due to the complexity and interconnectedness of our various projects, our CI process must conduct "end-to-end" testing involving many projects:
* If CI checks pass, CI auto-publishes various Docker images to Docker Hub:
* Tools / technologies / services in use include: Docker, Docker Compose, Docker Hub, Terraform, GitLab CI, DigitalOcean, AWS, Azure, NGINX

We have plenty of room for improvement. What would you change about our process? Best ideas win; we look forward to hearing yours!

The Ideal Candidate Is...

  1. Independently motivated & self-directing

  2. Introspective: able to identify weak spots / problem areas in our existing processes or code and suggest / implement solutions

  3. Takes an interest in information security topics - huge props for Capture the Flag (CTF) participation!

  4. Holds at least a BS in Computer Science or related field

  5. (Senior level): 5+ years of relevant work experience

We Offer

  • Competitive salaries

  • Excellent health, dental, vision coverage

  • Unlimited* paid vacation days

  • Travel (if you like). We have offices in San Diego, Puerto Rico and Tokyo and we often find ourselves travelling elsewhere. If travel interests you, we can scratch that itch.

  • Flexible work hours - outside of scheduled meetings, we don't care *when* you work, we care about your output.

  • Powerful servers, laptops, desktops - whatever you need to be most productive!

*Within reason! We avoid arbitrary numbers for vacation allotments. Take what you need, don't abuse it. As a start-up, we may ask that you avoid vacation for crunch times.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.
