This job was posted by https://illinoisjoblink.illinois.gov : For more information, please see: https://illinoisjoblink.illinois.gov/jobs/11829138 Department

BSD CTD - DevSecOps

About the Department

The Center for Translational Data Science (CTDS) at the University of Chicago is a research center whose mission is to develop the discipline of translational data science to impactful problems in biology, medicine, healthcare, and the environment. We envision a world in which researchers have ready access to the data needed and the tools required to make data driven discoveries that increase our scientific knowledge and improve the quality of life. We architect ecosystems of large-scale commons of research data, computing resources, applications, tools, and services for the broader research community to use data at scale to pursue scientific inquiry and accelerate discovery. Learn more at https://gdc.cancer.gov/, https://gen3.org/, https://stats.gen3.org/, and https://ctds.uchicago.edu/.

Job Summary

As a DevSecOps Engineer on our team, you\'ll use your development experience to streamline our secure software development life cycle, security automation and orchestration, and incident response from requirements to monitoring in production You\'ll incorporate open-source tools, automation, and Cloud resources to cut down on tedious, monotonous tasks and free up the teams to do what they do best - innovate.

This at-will position is wholly or partially funded by contractual grant funding which is renewed under provisions set by the grantor of the contract. Employment will be contingent upon the continued receipt of these grant funds and satisfactory job performance.

Responsibilities

• Evaluate and analyze threat, vulnerability, impact, and risk of security issues discovered from various DevSecOps tools such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST) and Container Security platform.
• Advise and collaborate with DevOps teams, developers, application, and project teams on the security issues, including explanation of the technical details and how they can remediate the vulnerabilities in their applications.
• Develop and design DevSecOps metrics, policies, processes, and procedures.
• Provide training to developers and other stakeholders on the usage of the tools.
• Assist with implementing and designing automated security checks and additional security tools within the CI/CD pipelines.
• Conduct POCs and work with vendors for DevSecOps tools to achieve security automation and efficiency.
• Effectively communicate and manage expectations of various stakeholders.
• Keep abreast of the latest industry trends in security and DevSecOps processes and make continuous recommendations for improvement.
• Assist in maintaining FedRamp Moderate and FISMA Moderate compliance.
• Investigates, analyzes and resolves day-to-day technical problems using standard procedures.
• Works with stakeholders to gather and analyze requirements for developmental programs. Receives a moderate level of guidance to design applications to meet University and business requirements.
• Performs code testing on components and works to ensure that appropriate implementation standards are met. Evaluates design alternatives for development cost and solutions using various methods.
• Supports and maintains existing applications. Works with developers and responds to requests from users.
• Performs other related work as needed.

Minimum Qualifications

Education:

Minimum requirements include a college or university degree in related field.

---

Work Experience:

Minimum requirements include knowledge and ski ls developed through 5-7 years of work experience in a related job discipline.

---

Certifications:

---

Preferred Qualifications

Education:

• A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.

Experience:

• 2+ years of experience developing infrastructure, system configuration and/or deployment automation, for one or more cloud platforms including OpenStack, AWS, GCP, and Azure.
• Sound technical background of working with SAST, SCA, DAST, IAST and other vulnerability scanning tools.
• Prior experience in performing secure code reviews, web application penetration tests.
• Solid understanding of full DevSecOps pipeline, Agile methodology, container security, APIs and microservices.
• Capable of working with various CI/CD tools.
• Analytical thinker with excellent communication skills.
• Familiarity of NIST 800-53, FedRAMP, FISMA, HIPPA and other regulatory/industries requirements.
• Experience with Palo XSOAR.

Licenses and Certifications:r