Full Job Description
What you'll be doing...
Lead the end-to-end implementation of DevSecOps and database security frameworks for the GSAM applications.
Orchestrate security enablement to protect high-stakes corporate data and ensure compliance with global security standards.
Direct a multidisciplinary technical team through the full software development life cycle.
Guide developers on feature architecture, oversee Sprint planning in an Agile environment, manage production support, and ensure seamless program management for security-critical applications.
Architect and deploy Kubernetes and OpenShift clusters to modernize and containerize legacy security applications.
Design scalable infrastructure-as-code solutions to enhance application resilience and security posture.
Engineer robust DevSecOps pipelines by integrating a suite of industry-standard tools.
Automate the transition from development to production while maintaining strict security gates.
Execute and manage automated security scanning protocols within the deployment lifecycle.
Utilize SonarQube, Fortify, and Sonatype to identify vulnerabilities, and provide technical guidance to development teams to remediate code-level security flaws.
Design and manage ETL data pipelines to synchronize security application data.
Build and maintain the GSAM database, ensuring the delivery of daily automated feeds for real-time security scanning and access restriction enforcement.
Pioneer the integration of AI and ML modules into security automation engineering.
Collaborate with specialized teams to onboard advanced AI models that enhance threat detection and automate engineering workflows.
What we're looking for...
Bachelor's or foreign equivalent degree in Computer Science, Applied Computer Science, Computer Engineering, Information Systems, or a related field, and 4 years of experience in the job offered or as a Cyber Security Engineer, Software/DevOps Engineer, Technology Architect, Systems Administrator, or in a related/similar position. Experience therein to include 2 years in each of the following: DevSecOps automation using GitLab CI/CD, GitHub Actions, Jenkins, and Ansible or Terraform; static application security testing (SAST), using SonarQube for scanning source code; dynamic application security testing (DAST) using OWASP ZAP; software composition analysis (SCA) and data/application security using Twistlock or Sysdig, Fortify, and Black Duck; JavaScript, Python, and Shell script. Hybrid role, ability to work from home.
Must Reference: Job code SHCHIW-W.
Where you'll be working
In this hybrid role, you'll have a defined work location that includes working from home and a minimum of three days per week in the office, which will be set by your manager. Employees are responsible for maintaining compliance with hybrid work policies.
Scheduled Weekly Hours
40