Job Summary:

The Senior DevSecOps Engineer will implement and maintain security solutions for our software products and supporting systems. This position requires extensive knowledge of various scripting languages, programming languages, testing processes, cloud services, and automation technologies. You will work in an agile team environment that has an eye on continuously improving our high quality & high throughput software development processes. This position will work closely with leads and management and will also work with multiple disciplines within the software development team. You will assist with leading projects through their implementation, as well as assisting in directing the activities of other team members.

Essential Job Functions (*=Non-essential tasks):

• Stay abreast of the latest security trends and best practices

• Champion a security mindset and provide ongoing training to the software development team on security best practices

• Set up and maintain security tools, including, but not limited to, Static Application Security Testing (SAST) tools, Software Composition Analysis (SCA) tools, Dynamic Application Security Testing (DAST) tools, and Infrastructure as Code (IaC) security scanning software

• Set up, maintain, and enhance system components and applications both directly (writing IaC, clickOps, etc.) and indirectly (code reviews, pair programming, etc.)

• Set up and maintain the security infrastructure (firewalls, VPC’s, etc.), policies (CORS, CSP, etc.), and technologies used to keep our system components and applications secure.

• Evaluate and perform risk analysis on all new system components

• Test and review system component and application changes for security vulnerabilities

• Ensure all systems are built in a repeatable manner (infrastructure as code), are documented, and version controlled.

• Work with various disciplines within the software development lifecycle to implement security testing and best practices seamlessly into the process

• Ensure patching is performed and security risk assessment items are addressed

• Set up and maintain security monitoring systems; both at an infrastructure level and at an application level

• Monitor the overall network and security infrastructure, responding to security events or incidents as needed

• Participate in developing a security minded culture

• Ensure all we comply with relevant standards and regulations for developing secure solutions, including PCI requirements

Requirements:

Experience:

• 7+ years of professional experience in a DevSecOps role and/or a combination of developing software applications, testing software applications, and networking & server administration

• 3+ years of professional experience with cloud hosting services (Amazon, Azure, etc)

• 2+ years of professional project management experience on medium to large projects

• Broad experience demonstrating success with Agile methodologies

• Hands on experience in networking security, application security, and cloud security

• Proficient knowledge in various scripting languages, programming languages, and system & server administration

• Wide knowledge in operating systems administration, programming languages, cloud platform deployment, networking protocols, and security

Education:

• Bachelor of Science degree in a Computer designated area or related field of study, or commensurate work experience.

Skills and Abilities:

• Self-motivated and driven to succeed

• Forward thinking, innovative, and creative

• Debugging and critical thinking ability

• Good communication skills, both verbal and written

• Strong understanding of security concepts, best practices, and principles

• Strong technical skills including demonstrated understanding of the software development lifecycle, application architecture, and cloud-based infrastructure

• Familiar with testing processes and automation tools

• Ability to adapt to shifting priorities, while meeting personal and team deadlines and goals

• Ability to lead and inspire project team members

• Ability to work effectively with all disciplines within a software development team

• This position will handle confidential data, and confidentiality must be maintained

Working Environment:

• Remote or hybrid office environment that will require extensive use of computer software and equipment

• Travel will be infrequent

Supervisory Responsibilities:

• Assist manager in the coaching and development of team members

• This position will not be responsible for selection of personnel, performance appraisals, and such actions as merit increases, promotions, reassignments of employees, or terminations

(These statements are intended to describe the general nature and level of work involved for this job. It is not an exhaustive list of all responsibilities, duties and skills required of this job.)