FCA US LLC – Information Communication Technology (ICT) is seeking an Application Security DevOps Manager to oversee the Application Security Team, and represent the Global CISO organization in DevOps pipeline development for Advanced Driver-Assistance Systems (ADAS) and other application development projects. The ideal candidate will have a strong background in application security testing, secure coding practices, DevOps, SDLC, CI/CD pipeline, code scanning tools, and remediation efforts in a fast-paced, collaborative environment.
Job responsibilities include but are not limited to:
- Ensure developed software is free from security defects through integration of Application Security into build, deployment, test automation, environment management, monitoring, and production release procedures
- Manage the Application Security Team to perform risk-based application security testing on applications
- Oversight of project teams; gathering functional and technical requirements, project timelines, status reporting, issue/risk identification, issue/risk mitigation, and deployment
- Design, approve and validate security automation into the DevOps pipeline to allow for automated Byte Code, Data Flow, and Dynamic Analysis testing
- Provide expert-level security consultation to project teams and application owners, which includes relevant security controls as well as DevOps and SDLC security process requirements
- Ensure security policies, coding standards, and required security controls are being followed and appropriately mitigating threats
- Understanding the business stakeholder needs, as well as the intricacies and challenges of the ADAS and Connected Vehicle Ecosystem
- Setting clear expectations and defining the security application and services development processes, with focus on process dependencies and timing milestones
- Bachelor's degree
- Minimum 5 years of related professional experience
- Minimum 2 years' experience in developing and leading teams
- Minimum 3 years' experience in Secure DevOps pipeline and methodology
- Minimum 3 years' experience in Continuous Integration and Continuous Deployment tools
- Minimum 3 years' application security experience including proficiency in AppSec concepts such as SAST, DAST, IAST, pen testing, etc.
- Proven track record working in a global distributed team environment
- Good communication and relationship management skills
- Bachelor of Science in a technical concentration Computer Science or MIS
- Advanced security certification(s) (CISSP, CSSLP, OSCP, GWEB, GWAPT or similar advanced security certification)
- Strong experience using industry standard DevOps tools (CI/CD, GoCD, Git, scripting, Gradle, Maven, Ant, JUnit, JaCoCo, JFrog Artifactory, Ansible, Docker, Kubernetes, etc.)
- Experience with application security tools such as IBM AppScan, Checkmarx, SonarQube, Portswigger, Burp Pro, HP WebInspect, Black Duck, Veracode, InsightVM, etc.
- Strong experience with Web API and Mobile application testing
- Advanced knowledge of cloud technologies and cloud infrastructures
- Experience with scripting, with a preference for Python, Perl, Bash, PHP, etc.
- Familiar with microservice architectures and decoupled systems
- Experience working in a global manufacturing organization
- Experience in autonomous driving (ADAS)