Job Information
OSV Senior DevSecOps Engineer in Huntington, Indiana
Job Summary:
The Senior DevSecOps Engineer will implement and maintain security solutions for our software products and supporting systems. This position requires extensive knowledge of various scripting languages, programming languages, testing processes, cloud services, and automation technologies. You will work in an agile team environment that has an eye on continuously improving our high quality & high throughput software development processes. This position will work closely with leads and management and will also work with multiple disciplines within the software development team. You will assist with leading projects through their implementation, as well as assisting in directing the activities of other team members.
Essential Job Functions (*=Non-essential tasks):
Stay abreast of the latest security trends and best practices
Champion a security mindset and provide ongoing training to the software development team on security best practices
Set up and maintain security tools, including, but not limited to, Static Application Security Testing (SAST) tools, Software Composition Analysis (SCA) tools, Dynamic Application Security Testing (DAST) tools, and Infrastructure as Code (IaC) security scanning software
Set up, maintain, and enhance system components and applications both directly (writing IaC, clickOps, etc.) and indirectly (code reviews, pair programming, etc.)
Set up and maintain the security infrastructure (firewalls, VPC’s, etc.), policies (CORS, CSP, etc.), and technologies used to keep our system components and applications secure.
Evaluate and perform risk analysis on all new system components
Test and review system component and application changes for security vulnerabilities
Ensure all systems are built in a repeatable manner (infrastructure as code), are documented, and version controlled.
Work with various disciplines within the software development lifecycle to implement security testing and best practices seamlessly into the process
Ensure patching is performed and security risk assessment items are addressed
Set up and maintain security monitoring systems; both at an infrastructure level and at an application level
Monitor the overall network and security infrastructure, responding to security events or incidents as needed
Participate in developing a security minded culture
Ensure all we comply with relevant standards and regulations for developing secure solutions, including PCI requirements
Requirements:
Experience:
7+ years of professional experience in a DevSecOps role and/or a combination of developing software applications, testing software applications, and networking & server administration
3+ years of professional experience with cloud hosting services (Amazon, Azure, etc)
2+ years of professional project management experience on medium to large projects
Broad experience demonstrating success with Agile methodologies
Hands on experience in networking security, application security, and cloud security
Proficient knowledge in various scripting languages, programming languages, and system & server administration
Wide knowledge in operating systems administration, programming languages, cloud platform deployment, networking protocols, and security
Education:
- Bachelor of Science degree in a Computer designated area or related field of study, or commensurate work experience.
Skills and Abilities:
Self-motivated and driven to succeed
Forward thinking, innovative, and creative
Debugging and critical thinking ability
Good communication skills, both verbal and written
Strong understanding of security concepts, best practices, and principles
Strong technical skills including demonstrated understanding of the software development lifecycle, application architecture, and cloud-based infrastructure
Familiar with testing processes and automation tools
Ability to adapt to shifting priorities, while meeting personal and team deadlines and goals
Ability to lead and inspire project team members
Ability to work effectively with all disciplines within a software development team
This position will handle confidential data, and confidentiality must be maintained
Working Environment:
Remote or hybrid office environment that will require extensive use of computer software and equipment
Travel will be infrequent
Supervisory Responsibilities:
Assist manager in the coaching and development of team members
This position will not be responsible for selection of personnel, performance appraisals, and such actions as merit increases, promotions, reassignments of employees, or terminations
(These statements are intended to describe the general nature and level of work involved for this job. It is not an exhaustive list of all responsibilities, duties and skills required of this job.)