Senior Specialist - IT Security (Dev Sec Ops)

About The Position

Requirements

• 5 years+ DevSecOps and Secure-SDLC work experience
• CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required
• Post-secondary education or equivalent experience as a DevSecOps Engineer
• Develop/enhance and implement the Secure-SDLC framework
• Design, implement, and rollout DevSecOps automations and tool chain
• Implement sensors to collect data on key metrics for statistics and reporting
• Serve as the subject matter expert in Secure-SDLC and DevSecOps
• Advise on the processes and standards that are designed to implement a company’s Application Development Security Policy
• Experience in designing Secure-SDLC processes and relevant tooling to support the processes
• Experience in software/application analysis tools like SAST, DAST, SCA, threat modeling, supply-chain etc.
• Technical hands-on experience in automating and integrating security scan and analysis tools into the DevSecOps pipeline.
• Experience in one or more programming languages
• Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE)

Nice To Haves

• Identify application security requirements and brainstorm solutions factoring in industry best practices
• Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment

Responsibilities

• Lead initiatives related to DevSecOps and Secure-SDLC.
• Enhance the company’s Secure Software development Lifecycle (Secure-SDLC).
• Select and standardize application security tools, including vendor/tool assessments and full POCs.
• Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes.
• Define and enhance application security requirements and standards for agile development methods, traditional application architectures, cloud architectures, and container workloads.
• Advise application security leadership on best practices and standards for application security tools, focusing on shift-left, predictable CI/CD pipeline processes, and enabling secure development.
• Assess current application security tools and processes to identify improvement opportunities and rationalize the toolset.
• Draft documentation for Secure-SDLC and DevSecOps frameworks and process guidelines.
• Assess the impact of new security industry publications on the company’s AppSec programs.
• Research new trends and advise leadership on their impact on tools, tool chain roadmaps, and process efficiency.
• Promote secure coding standards and related processes.
• Promote priorities set forth by Global Information Security and the roadmap set forth by Global Application Security.
• Automate and integrate security scan and analysis tools into the DevSecOps pipeline.
• Identify application security requirements and brainstorm solutions.
• Assess tooling and remediation of threats and vulnerabilities within software/applications and the hosting environment.

Benefits

• health and welfare benefits
• tuition assistance
• retirement programs
• employee assistance programs