We are looking for an experienced DevSecOps architect to help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes and tools. You will also build automation/ infrastructure as code to enforce cloud infrastructure security. You will automate security processes into CI/CD pipeline.
- Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation.
- Build and maintain DevSecOps pipelines to adopt shift-left paradigm for security testing (SAST, DAST, IAST, RASP etc.)
- Developand promotebest practices for DevSecOps and secure CI/CD.
- Stay up-to-date on new security tools & techniques, and act as driver of innovation and process maturity.
- Conduct research and evaluate new DevSecOps platforms, components, tools, and processes for new projects and ongoing initiatives.
- Collect security-related metrics and increase security visibility across the organization.
- Deploy and manage security tools to cloud infrastructure platforms such as Google Cloud or AWS, through automation using infrastructure-as-code principles.
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
What we’re looking for...
You’ll need to have:
- Bachelor’s degree or four or more years of work experience.
- Six or more years of relevant work experience.
- Experience as a full stack developer, with hands-on experience in DevSecOps practices.
- Experience with CI/CD tools such as GitLab, Jenkins, Nexus, Artifactory.
- Experience with software security, secure coding, or software assurance tools and techniques.
Even better if you have:
- A degree in Computer Science, Computer Engineering or a related field.
- Certifications: One or more of the following CISSP, CISM, CRISC, GSEC.
- Demonstrated skill with at least one or more configuration management/scripting technologies such as Ansible, Chef, Puppet.
- Experience with tools and technologies used throughout secure SDLC (e.g. Fortify, Checkmarx, Veracode, WhiteSource, Blackduck).
- Proven track record of securly architecting and owning cloud platforms such as (AWS, GCE, Azure) using Infrastructure as code techniques.
- Experience with Linux Containers (Docker), Kubernetes, and deployment of containerized applications/microservices architectures.
- Experience in software development.
- Experience in Information Security, Networking or Security Risk Management.
- Experience developing software or scripting with Java, Python, etc.
- Knowledge of Agile & DevOps methodologies.
- Experience with Cloud Security (AWS, GCS, Azure).
- Experience with ISO 27001-2, NIST 800-53, or other controls standards.
- Excellent documentation and organization skills.
- Ability to multitask, take direction, prioritize, and manage multiple activities / tasks to achieve objectives.
- Excellent oral, written, and interpersonal skills. Ability to present and communicate to both superiors and peers.