Marsh McLennan

Senior Specialist - IT Security (Dev Sec Ops)

Marsh McLennan: $126K — $176K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in DevSecOps and Secure-SDLC
  • Relevant certifications such as CISSP or CSSLP
  • Proven experience in implementing Secure-SDLC frameworks
  • Expertise in automating DevSecOps processes
  • Solid understanding of application security tools like SAST, DAST, and threat modeling
  • Familiarity with security compliance frameworks (e.g. OWASP, SANS)
  • Experience in at least one programming language

Responsibilities

  • Lead DevSecOps and Secure-SDLC initiatives
  • Enhance Secure Software development lifecycle practices
  • Standardize application security tools after thorough evaluation
  • Integrate security requirements into DevSecOps processes
  • Define and improve application security standards for agile and cloud architectures
  • Advise leadership on best practices for application security tools
  • Automate security analysis tools within CI/CD pipelines

Benefits

  • Hybrid work flexibility with both remote and in-office collaboration
  • Comprehensive health and welfare benefits
  • Tuition assistance for professional development
  • Retirement programs for financial security
  • Employee assistance programs for personal support
Full Job Description
DevSecOps & Secure-SDLC Engineer

What can you expect?
• Lead initiatives related to DevSecOps and Secure-SDLC.
• Enhance the company's Secure Software Development Lifecycle (Secure-SDLC), which in turn will reflect the company's Application Development Security Policy.
• Select and standardize application security tools. This includes vendor/tool assessments and full POC.
• Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes.
• Define and enhance application security requirements and standards which must be designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.

We will count on you to:
• Advise the application security leadership on best practices and standards around application security tools, with a main focus on shift-left, creating predictable CI/CD pipeline processes, and enabling application teams to develop new capabilities securely and free from security defects, by design
• Assess security tools and related processes currently used within the various Software Development Life Cycle processes to identify improvement opportunities, and rationalize the tool set
• Select new application security tools, including vendor/tool assessments, and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use
• Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and their process guidelines to internal customers, ensuring the style is palatable and easy to navigate
• Assess the impact of new publications from the security industry (e.g. NIST 800-XXX, ISO 2700X:2022, etc.) on the company's AppSec programs
• Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency and effectiveness of current processes, etc.
• Promote secure coding standards and all related processes
• Promote the priorities set forth by the Global Information Security function, and the roadmap set forth by the Global Application Security
• Automate and integrate security scan and analysis tools into the DevSecOps pipeline

What you need to have:
• 5+ years of DevSecOps and Secure-SDLC work experience
• CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required
• Post-secondary education or equivalent experience as a DevSecOps Engineer
• Develop/enhance and implement the Secure-SDLC framework
• Design, implement, and rollout DevSecOps automations and tool chain
• Implement sensors to collect data on key metrics for statistics and reporting
• Serve as the subject matter expert in Secure-SDLC and DevSecOps
• Advise on the processes and standards that are designed to implement a company's Application Development Security Policy
• Experience in designing Secure-SDLC processes and relevant tooling to support the processes
• Experience in software/application analysis tools like SAST, DAST, SCA, threat modeling, supply chain, etc.
• Technical hands-on experience in automating and integrating security scan and analysis tools into the DevSecOps pipeline.
• Experience in one or more programming languages
• Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE)

What makes you stand out:
• Identify application security requirements and brainstorm solutions factoring in industry best practices
• Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person.

The applicable base salary range for this role is $126,000 to $176,000.

The base pay offered will be determined on factors such as experience, skills, training, location, certifications, education, and any applicable minimum wage requirements. Decisions will be determined on a case-by-case basis. In addition to the base salary, this position may be eligible for performance-based incentives.

We are excited to offer a competitive total rewards package which includes health and welfare benefits, tuition assistance, retirement programs as well as employee assistance programs.

This is a new position.

About Marsh McLennan

Marsh McLennan Careers

Join the exceptional team at Marsh McLennan, a global leader in professional services, offering unparalleled job opportunities in insurance, risk management, and consultancy. As the company propels forward, it invites dedicated professionals to contribute to a culture of innovation, leadership, and growth.

Work You’ll Do

At Marsh McLennan, you will engage with complex challenges that push the boundaries of your skills and knowledge. Our team thrives on diversity and the shared goal of delivering impactful solutions to our clients worldwide. By joining us, you will be part of a culture that values diversity training and leadership development, ensuring every team member is equipped for success.

Explore Professional Growth

Marsh McLennan is committed to the professional growth of its employees. Whether you are seeking a position that offers a path to leadership or looking for robust internship programs to kickstart your career, Marsh McLennan provides the resources and global platform to propel your ambitions into achievements. Our benefits package is designed to support the well-being and continuous professional development of all staff, from entry-level to senior leadership roles.

Innovative Work Environment

Our company is at the forefront of industry innovation. The collaboration between experienced professionals and fresh talent generates dynamic solutions that keep Marsh McLennan at the cutting edge of the industry. Our team is encouraged to lead with creativity and embrace new ideas, driving the company’s legacy of pioneering industry-first solutions.

Join Our Team

Marsh McLennan is hiring! Explore the multitude of job opportunities on our careers page, from strategic advisory roles to operational excellence positions. We look for passionate, curious, and solution-driven team players. Enhance your career with Marsh McLennan, where your skills will be honed through challenging projects and high-impact strategies.

Networking and Career Advancement

Networking at Marsh McLennan opens doors to enriching connections and countless opportunities within the industry. Our professionals benefit from an environment that fosters networking through events, professional groups, and collaborative projects. With Marsh McLennan, career advancement is not just a possibility—it is an expectation.

Prepare for Your Interview

Ready to apply? Make sure your resume highlights your most relevant experiences and skills tailored to the position you are applying for. Our interview process is designed to understand your capabilities and fit with our team’s goals and values. Prepare to discuss how your background, experiences, and professional aspirations align with the opportunities at Marsh McLennan.

Stay Connected

Keep up to date with the latest from Marsh McLennan:

  • Career Insights: Gain insider perspectives and industry-leading insights through our careers blog.
  • Job Alert Emails: Personalize your subscription to receive job alerts and the latest news tailored to your preferences.

Discover the rewarding career opportunities awaiting at Marsh McLennan, where your professional journey is just the beginning. Join us in shaping a future defined by insight, integrity, and innovation.

Learn more about Marsh McLennan

  • Size: 83,000 employees
  • Market Cap: $82.6 billion
  • Industry
  • Net Income: $2 billion
  • Founded: 1914
  • 5 Year Trend: +8.5%
  • Revenue: $17.2 billion
  • NASDAQ
