Security Automation Engineer -Architect

Overview

• Review system and software releases for new functionality and test to optimize existing systems, processes, and integrations accordingly

• Propose, develop, implement and maintain automation of security controls to support DevSecOps methodologies.
• Provision, deploy and maintain security tools in collaboration with the application development teams.
• Research current trends in DevOps tools in order to design best in class DevSecOps. Orchestrate multiple Proof of Concept initiatives to insure the AppSec team remains on the cutting edge of vulnerability prevention, detection and remediation.

• Design, deploy, administer, monitor, and enhance the Application Security DevOps Framework.
• Act as an authority on your domain expertise; combining expert-level proficiency with the ability to communicate clearly and collaborate to turn broad requirements into deliverable work items
• Diagnose and resolve issues while identifying recurring problems or processes that can be remediated through automation
• Troubleshoot system functional and operational issues as well as maintain the system operations at all times
• Produce, maintain and update knowledge base documentation, runbooks, and SOPs
• Identify and take advantage of opportunities to train and mentor various members of the Application Security team.
• Perform and provide progress on project deliverables, tasks, and milestones, as well as provide project documentation such as, architecture diagrams, and runbooks
• Act as a primary point of contact for system outages and escalations
• Take initiative to develop unique projects in which you get to research new technology, solve more complex problems, perform POCs
• Work with leadership to gather ROI and complete whitepapers to justify purchase approval
• Work with team members to schedule and report upon the execution of testing and validation efforts as part of a formal release ITIL Change Management process
• Represent team recommendations to leadership, demonstrate influence over governance bodies, and coach on communicating technical issues, impact, and risk mitigation strategies in business terminology that non-technical resources can understand
• Build strong relationships and influence with vendors, business and technology leaders
• Keep ahead of emerging trends, understand business area opportunities and challenges, process or system impacts to all related business or systems areas when designing recommended solutions to achieve business objectives
• Perform other duties as assigned
• Solid understanding of computing and network concepts and troubleshooting skills.
• The utmost passion for technology and a thirst for knowledge and growth
• Ability to work well within a team; good interpersonal relational and collaboration skills
• Knowledge of downstream integrations to gauge the impact of changes, triage and remedy incidents, and scope level of effort for new initiatives
• Knowledge of virtualization technologies
• Have hands-on experience in grooming/mentoring individuals and being the bar raiser in the team
• Demonstrated attention to detail with the ability to design and develop solutions to meet business needs creatively
• Customer Service focused approach to interactions with business partners and employee user community
• Strong organizational and time management skills
• Demonstrated success in a fast-paced, high-performance, and deadline-driven engineering team
• Ability to handle escalations and friendly resolution of the most complex hardware and software problems
• Ability to learn quickly and use new complex technical concepts and resolve issues in a rapidly changing environment
• Ability to discuss complex technical concepts with technical staff, stakeholders, and business executives in a simple, straightforward manner
• Familiar with current security protection, encryption, monitoring/auditing, and remediation techniques with the proven ability to oversee solutions for the network, servers, databases, and the desktop
• Familiar with disaster recovery, business continuity, and high availability concepts
• Working knowledge of Windows and Linux operating systems and administrative functions (Ops Support)
• Working knowledge of SDLC or CI/CD pipeline tools such as GitHub, Jenkins, Sonarqube, Selenium, Docker, Chef, Puppet, JIRA, etc.
• Experience working with technologies such as Ansible, Stackstorm, Terraform, GitLab, Docker, VMWare
• Working knowledge of secure code testing tools using static code analysis, dynamic analysis and Interactive Application Security Testing.
• Ability to work independently to assess and address system issues
• Experience managing 3rd party hardware and software vendors and providers

• A minimum of 8 years- experience in IT
• 5 years being responsible for application development of DevOps platforms or similar Enterprise wide services utilizing Python and or Java.
• Bachelor's degree in a related discipline or equivalent combination of education and experience required

• Application security experience
• CCSP and/or CSSLP certification
• Experience working on an Agile team
• Working knowledge of security frameworks such as NIST and ISO 27000