Principal DevOps Security Engineer
Direct Hire
Information Security
, Arizona
Job Title: Principal DevOps Security Engineer
Location: Phoenix, Columbus, Dallas
What you’ll do:
- Responsible for defining, implementing, & supporting a target state architecture of DevOps platform tooling that supports multiple application teams across multiple development stacks.
- Establish standards and best practices around security scanning automation, vulnerability management, and delivery (containers, PaaS, etc.).
- Guide application teams to integrate automated security scanning into CI/CD pipelines, including but not limited to Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST).
- Troubleshoot and resolve CI/CD pipeline issues from application teams.
- Collaborate with developers to provide guidance on secure coding practices and assist in remediation of security findings.
- Works with security, development architecture and application teams to develop strategy and plan for application and pipeline modernization with a security mindset.
- Collaborate with Security, Risk and Compliance team to create, implement and apply DevSecOps principles, processes and culture that are consumed by application teams.
- Works with Enterprise Architecture, QA, & Security teams to analyze new and emerging trends in DevOps and Development Architecture to ensure standards remain current and relevant.
- Facilitates the evaluation and selection of software product standards and services within the domain of DevOps and Development Architecture.
- Administer cloud-based Azure DevOps Services and security tooling.
- Guide and mentor team members on DevOps best practices and standards.
- Identify bottlenecks and implement solutions to optimize development and deployment processes.
What you’ll need:
- 10+ years of related IT experience, with 5+ years in application development with experience building & managing automation using DevOps / DevSecOps platforms & tooling.
- Bachelor’s degree in computer science, information technology, engineering, system analysis or a related study, or equivalent experience.
- 5+ years administration and support of SAST, DAST, and/or SCA security scanning tools (SonarQube, Invicti, GitHub Advanced Security preferred).
- 5+ years administration and support of Azure DevOps Services including repositories, Pipelines, Artifacts, and work items.
- Deep understanding and experience in designing & implementing modern continuous integration (CI) and continuous delivery (CD) pipelines that include YAML, security scanning (SAST, DAST, SCA), containerized deployments, and automated testing capabilities (unit tests, regression tests, etc.).
- Proficiency in Git including branching strategies and pull request best practices.
- Experience designing & deploying integration applications into public cloud services or iPaaS-based providers (e.g., MuleSoft, Azure, AWS).
- Knowledge of OWASP Top 10 and the OWASP Testing Guide or other secure coding frameworks (NIST Cyber Security Framework, SAMM, etc.).
- Demonstrated experience in any of the following technologies: Python, FastAPI, TypeScript, Node.js, Angular, React, Java, and .NET.
- Deep understanding of strategic, new, and emerging technology trends, and the practical application of existing, new, and emerging technologies to new and evolving business and operating models.
- Strong written and verbal communication skills that can develop content for & communicate with Application Development & Infrastructure Engineering teams.
- An objective mindset that can think ‘enterprise first’ and remain unbiased toward any specific technology or vendor choice, with decisions made based on data, analysis, & POC results.
- Ability to work effectively in a team environment.
Preferred:
- Experience delivering solutions across multiple cloud-based solutions including Azure and AWS, and deploying to iPaaS solutions such as MuleSoft.
- Experience in the following tools and technologies: Atlassian Confluence, LucidChart, BurpSuite, Ansible, Terraform, Kubernetes.
- Experience delivering & operating in the Financial Services industry.
- Cloud Security Posture Management (CSPM) tooling experience.