Application Security DevOps Manager

Fiat Chrysler Automobiles

Auburn Hills, MI

Industry: Manufacturing & Automotive

5 - 7 years

Posted 56 days ago

FCA US LLC – Information Communication Technology (ICT) is seeking an Application Security DevOps Manager to oversee the Application Security Team, and represent the Global CISO organization in DevOps pipeline development for Advanced Driver-Assistance Systems (ADAS) and other application development projects. The ideal candidate will have a strong background in application security testing, secure coding practices, DevOps, SDLC, CI/CD pipeline, code scanning tools, and remediation efforts in a fast-paced, collaborative environment.

Job responsibilities include but are not limited to:

  • Ensure developed software is free from security defects through integration of Application Security into build, deployment, test automation, environment management, monitoring, and production release procedures
  • Manage Application Security Team to perform risk-based application security testing on applications
  • Oversight of project teams; gathering functional and technical requirements, project timelines, status reporting, issue/risk identification, issue/risk mitigation, and deployment
  • Design, approve and validate security automation into the DevOps pipeline to allow for automated Byte Code, Data Flow, and Dynamic Analysis testing
  • Provide expert-level security consultation to project teams and application owners, which includes relevant security controls as well as DevOps and SDLC security process requirements
  • Ensure security policies, coding standards, and required security controls are being followed and appropriately mitigating threats
  • Understanding the business stakeholder needs, as well as the intricacies and challenges of the ADAS and Connected Vehicle Ecosystem
  • Setting clear expectations and defining the security application and services development processes, with focus on process dependencies and timing milestones

Basic Qualifications:

  • Bachelor's degree
  • Minimum 5 years of related professional experience
  • Minimum 2 years' experience in developing and leading teams
  • Minimum 3 years' experience in Secure DevOps pipeline and methodology
  • Minimum 3 years' experience in Continuous Integration and Continuous Deployment tools
  • Minimum 3 years' application security experience including proficiency in AppSec concepts such as SAST, DAST, IAST, pen testing, etc.
  • Proven track record working in a globally distributed team environment
  • Good communication and relationship management skills

Preferred Qualifications:

  • Bachelor of Science in a technical concentration: Computer Science or MIS
  • Advanced security certification(s) (CISSP, CSSLP, OSCP, GWEB, GWAPT or similar advanced security certification)
  • Strong experience using industry standard DevOps tools (CI/CD, GoCD, Git, scripting, Gradle, Maven, Ant, JUnit, JaCoCo, JFrog Artifactory, Ansible, Docker, Kubernetes, etc.)
  • Experience with application security tools such as IBM AppScan, Checkmarx, SonarQube, PortSwigger, Burp Pro, HP WebInspect, Black Duck, Veracode, InsightVM, etc.
  • Strong experience with Web API and Mobile application testing
  • Advanced knowledge of cloud technologies and cloud infrastructures
  • Experience with scripting, with a preference for Python, Perl, Bash, PHP, etc.
  • Familiar with microservice architectures and decoupled systems
  • Experience working in a global manufacturing organization
  • Experience in autonomous driving (ADAS)