Job Summary & Mission
At Starbucks, our mission is to inspire and nurture the human spirit – one person, one cup, and one neighborhood at a time. Starbucks Technologists work to achieve this mission through the use of cutting-edge technology delivered to our partners, customers, stores, roasters, and global communities. The DevSecOps Engineer is responsible for delivering high-quality, reliable, and stable infrastructure technologies and security capabilities for the Starbucks Unified Commerce Platform. This position is accountable for the installation, configuration, monitoring, analysis, maintenance, and technical support of the security controls in the platform.
Summary of Key Responsibilities
Responsibilities and essential job functions include but are not limited to the following:
- Communicates clearly and concisely, both orally and in writing
- Ability to establish cross-functional, collaborative relationships with business and technology partners
- Enables team members to understand "why" security controls are important to mitigate enterprise risks
- Ability to effectively manage and partner with technology vendors to deliver against business objectives
- Conducts research and makes proactive decisions and recommendations on standards, products, and services in support of the Unified Commerce Platform
- Ensures application and infrastructure architectural solutions are stable, secure, and compliant with Company standards and practices
- Implements all technologies in accordance with Information Security's guiding principles for highly sensitive data
- Is knowledgeable in Security Operational Management to include Change Management, Release Management, Incident Management, and Problem Management
- Implements security monitoring across all platforms to ensure continuous availability and operational continuity of critical systems
- Demonstrated experience implementing and managing high capacity, redundant, and mission critical environments
- Upholds company policies, and legal/regulatory requirements, such as PCI
- Implements and maintains system configurations and baselines to support secure application development software control best practices and standards
- Deep knowledge of Information Security with experience in the fields of network security, endpoint security, identity management, access control, cloud security and/or cryptography
- Provides support to team members in order to achieve partners, business, and customer results
- Cultivates an environment where associates respect and adhere to company standards of integrity and ethics
- Demonstrated ability to work successfully in a fast-paced and cross-functional team environment
- Strong technical background and understanding in the areas of enterprise infrastructure and information security.
Summary of Experience
- BS degree in Information Technology, Computer Science, or a related field
- Achievement of an advanced security related certification such as CISSP
- 3+ years experience in a combination of security, risk management, and technology jobs
- 3+ years of experience designing, implementing, auditing, and sustaining PCI-DSS compliant environments
- 3+ years security systems or secure application development experience
- 2+ years experience managing IT vendor and supplier relationships
- 2+ years of experience in system administration, network administration, and systems engineering
- 2+ years supporting Linux operating systems, both server and client
- 2+ years supporting Microsoft Windows operating systems, both server and client
- 2+ years of experience with network administration and database administration
- 2+ years utilizing logging, monitoring, and alerting solutions, and/or similar solutions as a system administrator
- 2+ years utilizing configuration management solutions as a system administrator
- Experience with highly virtualized environments and cloud technologies
- Strong understanding of the business impact of security tools, technologies and policies. Ability to develop and articulate a compelling business case for recommended actions.
- Proven track record and experience in developing security policies, procedures and standards while successfully executing security projects.
- Knowledge and understanding of relevant legal and regulatory requirements, such as SOX, PCI, HIPAA, Data Protection, etc.
- Strong conceptual understanding of information security theory
- Previous experience supporting an in-house development environment -- an advantage.