Principal DevSecOps Engineer

About The Position

Requirements

• Bachelor's degree in Software Engineering, Software Development, Computer Applications, Computer Engineering or a closely related field of study.
• Eight (8) years of experience as an Application Developer, Application Integration Engineer, Software Engineer, DevSecOps Engineer, Application Specialist or a closely related occupation.
• In lieu of a Bachelor's degree, ten (10) years of experience in stated fields.
• Seven (7) years of experience in Cloud environments Security.
• Experience in Container/Kubernetes Security.
• Experience in CI/CD Security and API Security.
• Experience with SIEM, OWASP Top 10, Endpoint Security, DLP, IAM, Security Architecture, Data Security, Threat Modelling and Cyber Defense.
• Automation experience with Ansible, Terraform, or CloudFormation.
• Knowledge of Networking Topology security, advanced DNS, VPN, Cloud, and load balancing.
• Understanding of cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
• Understanding of controlled data and compliance requirements related to PCI-DSS, HIPAA, SOX, CCPA and GDPR.

Responsibilities

• Lead and manage Scholastic's Cloud Operations, Cyber Security Operations and DevSecOps charter.
• Build, support and maintain cloud automation tools and technologies.
• Understand permissions, security, kernel services and organization of file structure, storage, and best practices.
• Lead Scholastic cybersecurity incident response and SecOps Team.
• Maintain awareness of the latest security and industry threats and trends.
• Support email protection, endpoint protection, identify provider and other access, authorization and security related tools.
• Provide SME level support for the Systems Engineering program.