DevSecOps Engineer

Department Summary:

• Help evaluate, select, deploy, and integrate security security tooling in CI/CD pipelines and empower development and deployment teams to incorporate security tooling and processes in all aspects of development and deployment operations. Help build, harden, maintain, and instrument a comprehensive security orchestration platform within continuous integration & deployment pipelines.
• Work with platform & cloud engineering and software deployment teams to ensure security processes & tooling in development and deployment pipelines.
• Work with appropriate stakeholders to ensure efficient response to issues detected by security tooling.
• Build partnerships with development and deployment teams across several lines of business.
• Create and deliver security training and guidance for development and deployment teams, ensuring they are able to fully leverage and maximize value/efficiency gains from security processes and tooling, allowing them to innovate rapidly and securely. Reduce time to delivery of secure platforms through orchestration and automation.
• Work in tandem with teams including Application Security Architecture, Security Architecture, Development, Deployment, Cloud Security, Cloud & Platform Engineering, SOC & Cyber Defense Operations, Vulnerability Management, and other IT Operations Teams to identify and implement the most optimal solutions for the company and its customers.
• Help identify and automate repetitive and/or manually time-consuming tasks.
• Measure value and impact of DevSecOps initiatives and help prepare and share impact/progress reporting with IT and Operations leadership.
• Assist development teams with rapid understanding, impact assessment and remediation of detected security issues.
• Assist Application Security Architecture team providing evaluation, guidance, and onboarding support to development and operations teams regarding new applications.

• Attend and host meetings and provide support in the form of targeted agendas, meeting notes, communications, and follow-up delivery.
• Maintain relevant and current professional knowledge via in-house training, online resources, attendance at professional events, and personal investment in continued education and certification.
• Monitor industry trends for changes, risks, releases, and advancements in DevOps & DevSecOps, cloud computing and technologies, and development frameworks.
• Develop and maintain working relationships with development and deployment teams, their leadership, and various other stakeholders, including pertinent vendors.
• Analyze and review existing processes and procedures to determine areas of possible improvement that will lead to gains in efficiency and security.
• Participate in special projects and perform other duties as assigned.

• B.S. / B.A. degree or equivalent required.
• MBA and/or post-graduate information security degree preferred.

• Excellent verbal and writing skills and the ability to communicate effectively with all levels. Ability to effectively present complex technical topics to non-technical audiences.
• 3+ years of pertinent professional experience in DevOps/DevSecOps, with significant exposure to a variety of technologies and domains.
• 2+ years of pertinent software engineering experience.
• 2+ years working with AWS, Azure, and/or Google Cloud Platform. Understanding of cloud computing and cloud security concepts, and some fluency with cloud management tools/commands.
• Experience writing standard operating procedures, system requirements, and other technical documents.
• Experience collaborating with cross functional teams to achieve a shared project goal.
• Working knowledge of software-defined lifecycles, product packaging, and deployments

• Experience with cloud automation tools such as GitLab, Jenkins, Puppet, Chef, Harness, Terraform, CloudFormation, Ansible, SALT, etc.
• Knowledge of containerized technologies like Kubernetes, Docker, etc.
• Experience scripting with Bash, Python, PowerShell, NodeJs, JavaScript, etc.
• Experience coding in more programming languages such as C, Java, C#, etc.
• Familiarity with Cloud Architecture & Security design.
• Knowledge of WAF, IDS/IPS, SIEM, SOAR, EDR, UEBA, Application Whitelisting, Vulnerability Management.
• Experience with API development, tooling, and security.
• Experience conducting Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), assessing results, and remediating findings.
• Working knowledge of OWASP Top 10 & SANS Top 25.

• Cloud Computing and/or DevOps/DevSecOps certification(s).

• Excellent time-management and prioritization skills.
• Strong planning and task management skills.
• Working knowledge and experience with project and portfolio management tools, preferably Service Now, Microsoft Project, and/or Jira.
• Business process automation mindset and experience.
• Continual education to develop new skills and technical expertise including proactively organizing, summarizing, and sharing knowledge with others.