DevSecOps Engineer

About The Position

Requirements

• 4+ years of experience in DevOps, Cybersecurity, and related roles, with demonstrated experience in integrating security practices into the development lifecycle
• Proficiency with CI/CD tools, including Gitlab, and expertise in automating security processes within these pipelines
• Strong understanding and hands-on experience with cloud security in AWS, including cloud-native security tools like AWS Security Hub
• Expertise in Infrastructure as Code (IaC) using tools like Terraform with a focus on securely automation and managing cloud environments
• Experience with security tools such as static and dynamic code analysis, container security (e.g. Prisma Cloud), and vulnerability management platforms
• Strong knowledge of threat modeling, vulnerability assessment, and penetration testing, with the ability to prioritize and remediate identified vulnerabilities
• Proficiency with Identity and Access Management (IAM) platforms, Zero Trust security models, and multi-factor authentication technologies
• Experience in compliance frameworks such as NIST, GDPR, and SOC 2, with practical experience with conducting security audits and risk assessments
• Proficiency with scripting and automation languages like Python, Bash, or PowerShell for automating security tasks and enhancing operational efficiency
• Experience with monitoring, log aggregation, and SIEM solutions to ensure real-time security monitoring and incident detection
• Knowledge of cloud architecture and AWS-specific best practices
• Ability to work independently and in a team environment
• Strong analytical, communication, and problem-solving skills

Responsibilities

• Provide expertise and support to the development, systems, and cloud operations teams to integrate security seamlessly into the entire Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes
• Engineer and implement multi-layer cybersecurity solutions for on-premise and cloud environments. Integrate those solutions with existing automation and management processes and platforms
• Plan, develop, and manage CI/CD pipeline security testing, vulnerability scanning, configuration management, and supply chain security
• Perform and supervise security assessments, which includes penetration testing, vulnerability scans, and threat modeling for applications, APIs, and infrastructure. Coordinate with internal teams and external partners to remediate identified risks
• Evaluate, deploy, and manage advanced security tools and platforms, including static and dynamic code analysis tools, container security solutions, and cloud security posture management platforms, to enhance the security of applications and environments
• Ensure compliance with security frameworks and regulations such as NIST CSF, SOC 2, and GDPR by participating in security audits, risk assessments, and implementing necessary controls to address requirements
• Provide subject matter expertise and support to development and operations teams on secure coding practices, threat prevention, and compliance mandates. Plan, develop, and deploy training programs to facilitate the adoption of secure development methodologies
• Maintain knowledge of the latest security trends, vulnerabilities, and emerging technologies, recommend and implement continuous improvements to enhance the organization's security posture and ensure proactive protection against evolving threats
• Organize and maintain real-time security monitoring, alerting, and reporting mechanisms to provide visibility into security incidents and ensure ongoing compliance with security standards

Benefits

• Time to Recharge: Utilize our generous Paid Time Off (PTO) to focus on your well-being and ensure a healthy work/life balance. PTO includes paid holidays, vacation, personal and sick days, plus an extra day off for your birthday.
• Ability to Focus on your Health: Along with competitive salaries, the NHL offers comprehensive health benefits to employees and their eligible dependents effective on their first day with us - there is no waiting period. The NHL subsidizes a large portion of the health benefits costs, therefore your cost for medical, dental and vision coverage is minimal.
• We also offer our employees and members of their household access to our Employee Assistance Program (EAP) to support mental, physical, and financial health. In addition, employees have access to a digital wellness resource designed to improve health and happiness through courses in sleep, movement, and focus. These services are confidential and at no-cost to our employees.
• Childcare Leave: Because your family is the NHL family, employees are offered comprehensive Childcare Leave to welcome your new addition. The primary caregiver to the child is entitled to up to 12 weeks of paid Childcare Leave, at full pay, following the birth, adoption, or placement of a child.
• Employees that are not the primary caregiver to the child are entitled to up to 6 weeks of paid Childcare Leave, at full pay, which must be taken within the first 6 months following the birth, adoption, or placement of a child.
• Confidence in your Retirement Goals: Participate in the NHL's Savings Plan which includes a 401K (pre-tax and Roth options) plus non-elective (employer) contributions to keep your retirement goals on track.
• A Hybrid Work Schedule: The NHL recognizes the value of flexibility in work locations/schedules to help our employees balance work/life priorities. Hybrid work schedules are available for a majority of our roles.
• Our New Headquarters: Our new, state of the art, offices are located at One Manhattan West in Hudson Yards. When you're in the office, you can conduct meetings in one of our high-tech conference rooms, have lunch with a view or play in the game room. Employees can also enjoy New York's newest neighborhood that is home to more than 100 shops, culinary experiences, and public artwork.
• A Savings for Commuting: Participate in the NHL's pre-tax commuter benefit plan which helps offset the financial cost of traveling to and from our office.
• NHL Partner Rates: Unlock exclusive pricing from our Partners that include savings on travel, consumer goods and services, plus the NHL Store.
• Life at the NHL: In your first few days, you meet with your new teammates and the HR Team. You have the opportunity to learn more about the NHL and our workplace culture. Employees are invited to play hockey during our Tuesday Night Skate at Chelsea Piers, join our Employee Resource Groups and more. You are a part of our team and we encourage you to be your authentic self, adding to our dynamic workplace culture.