DevSecOps Engineer

About Us:

Umpqua Bank is a publicly traded financial holdings company which offers banking, lending, and wealth management services to our personal, business, and commercial customers. Headquartered in Lake Oswego, Oregon with 4,000 employees and operations across Oregon, Washington, California, Idaho, Arizona, Colorado, and Nevada. It’s an especially exciting time to join our team as, upon the completion of the merger with Columbia Bank, we grow to become a leading western regional bank with more than $50B in assets under management and an unwavering commitment to our associates, our customers, and our communities.

About the Role:

Umpqua Bank is looking for an Application Security Engineer to provide application security testing services to ensure consistent secure software development practices. Our focus is on building a DevSecOps culture working closely with our product and software development teams. In this role, you will serve as an expert by defining, supporting, and managing solutions that partner with cloud operations and application development teams to deliver business value for Umpqua Bank. 

• Support continuous delivery of application vulnerability scanning, remediation, and reporting across various platforms and architectures
• Manage application vulnerabilities scanning tools (DAST, SAST, and SCA) such as Veracode, SonarQube, and OWASP Dependency Checker
• Onboard applications into SAST, DAST, and SCA scanning solutions
• Tune false positives and validate findings with our application development teams
• Provide education on security practices or methodologies to resolve vulnerabilities
• Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale
• Partner with the application development function to support streamlined, automated, and effective CI/CD pipeline security testing
• Drive a culture of DevSecOps, creating reporting and self-service capabilities to drive more ownership and accountability for security across functional teams
• Demonstrate compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.
• Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
• Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security, and other regulations as applicable to this job description.
• Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.
• Takes personal initiative and is a positive example for others to emulate.

About You:

• Bachelor's Degree in Computer Science, related field, or an equivalent combination of education, training, and experience. Required.
• Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
• Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
• Experience working with modern development practices (e.g. micro services, containers, orchestration, continuous integration & delivery pipelines)
• Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. FFIEC CAT, NIST, ISO, and PCI)
• Demonstrated ability to resolve sensitive issues with other departments and to present information to senior management
• Demonstrated analytical and problem-solving skills applied to both technical and business challenges
• The ability to relate business requirements and risks to technology implementation of security-related issues.
• Knowledge of security monitoring, diagnostic and administrative tools.
• Ability to train and present to small and large audiences or has the interest in learning to train and present.
• Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA

Our Benefits:

 We offer a competitive total rewards package including base salary and comprehensive benefits. The annualized range for this role is $84,770.00 to $172,014.00, and the pay rate for the successful applicant depends on a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The role may be eligible for performance-based incentive compensation and those details will be provided during the recruitment process.

We offer eligible associates cost-effective benefit options including comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k)-retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid time off for vacation, illness, volunteerism, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly. 

Our Commitment to Diversity:

Umpqua Bank is an equal opportunity and affirmative action employer committed to employing, engaging, and developing a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other applicable protected status or characteristics. If you require an accommodation to complete the application or interview(s), please let us know by email: careers@umpquabank.com

To Staffing and Recruiting Agencies:

Our posted job opportunities are only intended for individuals seeking employment at Umpqua Bank. Umpqua Bank does not accept unsolicited resumes or applications from agencies and Umpqua Bank will not be responsible for any fees related to unsolicited resume submissions. Staffing and recruiting agencies are not authorized to submit profiles, applications, or resumes to this site or to any Umpqua Bank employee and any such submissions will be considered unsolicited unless requested directly by a member of the Talent Acquisition team.

#LI-MS1

Salary : $50 - $84,770