What are the responsibilities and job description for the Sr. DevSecOps Engineer position at Jefferson Frank?
Job Description
The Sr. DevSecOps Engineer will be responsible for delivering the global application security program within the CISO/Information Security team.
The Sr. Application Security Engineer will lead and provide updated guidance and hands-on support to development and software/engineering teams on the current secure SDLC and software development security standards.
The individual will also lead the testing of the security controls of applications and implementation of architecture and operational projects to improve the hybrid, application security posture.
The Sr. DevSecOps Engineer will also be responsible for integrating security automation into DevOps processes and enhancing cloud security posture, and will lead the secure development training program.
Additionally, the position will support the broader information security team (Governance Risk and Compliance, Security Operations, and IT Security).
Responsibilities And Duties
Implement Application Security/DevSecOps which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures
Promote DevSecOps culture and train development and DevOps teams in secure development and the secure SDLC
Maintain subject matter expertise for the enterprise customers' web application security program
Drive adoption of DevSecOps tools and practices, including application security testing and security automation (within a hybrid technology environment)
Be engaged in all aspects of DevSecOps implementation and enhance security throughout
Ability to apply security knowledge and experience in a DevOps development lifecycle
Development and implementation of cloud security, container security and infrastructure as code security concepts, principles, and best practices
Enhance cloud security posture and application attack surface management by advising on and assisting with the implementation of cloud security together with DevOps and CloudOps personnel
Support the creation and curation of application security reports and metrics for stakeholders
Deliver secure development training to global software developers/engineers
Execute, liaise, and report on penetration testing results to application and infrastructure stakeholders
Ability to perform technical integrations with SIEM tools
Support Information Security department leads including but not limited to Governance Risk and Compliance (GRC), Security Operations (Incident Response, Monitoring etc.), and IT Security (TVM, additional security tools etc.)
Assist in Merger & Acquisition (M&A) security-related activities
Qualifications
5 years' experience in application security, including proficiency in AppSec concepts such as those in the OWASP Top 10, secure SDLC, agile methodologies and transformations, etc.
3 years' experience with one or more security testing tools, including Static Analysis, Software Composition Analysis and/or Dynamic Analysis (e.g. Veracode, Checkmarx, Snyk, NetSparker, Acunetix, Qualys WAS, etc.)
Experience with hands-on development as a software engineer/developer
Knowledge of CI/CD, securing the pipeline, best practices and tools (e.g. GitLab/GitOps, TeamCity, Ansible)
Strong understanding of Google Cloud Platform or AWS security and DevSecOps
Understanding of one or more of the following languages: Python, Scala, Java, .Net, C#, JavaScript, TypeScript, SQL
Familiarity with infrastructure as code security
Familiarity with container security
Experience performing assessments against applications and their underlying infrastructure, configuration, and deployment strategy
Good leadership, communication (written and oral) and interpersonal skills
Understanding of data security and experience handling PII
Bachelor's Degree or higher in Computer Science or a related field (Engineering, Computer Science, Mathematics, Information Systems, etc.) or equivalent technical experience
Good to have but not required: an industry-recognized certification in security (e.g., CISSP, CISM, CEH, OSCP, OSWA, GWAPT, GPEN, GCSA, GCLD, CCSK, CCSP, etc.)
Salary: $160,000 - $185,000