DevSecOps Engineer, Secure-SDLC, Financial Services Firm
Company: Laws & Associates Inc.
Location: Phoenix
Posted on: March 20, 2023
Job Description:
Work for a global leader in human resources consulting, helping
clients navigate an increasingly dynamic and complex environment
through four market-leading businesses. They are seeking a
DevSecOps & Secure SDLC Engineer in any of the following areas:
Atlanta, GA; Phoenix, AZ; or Urbandale, IA.
WHAT YOU'LL DO:
- Lead initiatives related to DevSecOps and Secure-SDLC.
- Define and enhance the company's Secure Software Development
Lifecycle (Secure-SDLC), which in turn will reflect the company's
Application Development Security Policy.
- Select and standardize application security tools. This
includes vendor/tool assessments and full POC.
- Integrate Secure-SDLC requirements and other security
policies/requirements into the DevSecOps processes.
- Define and enhance application security requirements and
standards that must be designed for agile development methods
leveraging traditional application architectures, cloud
architectures, and container workloads.
- Advise the application security leadership on best practices
and standards around application security tools with the main focus
on unifying vulnerability reporting, creating predictable CI/CD
pipeline processes, and enabling application teams to develop new
capabilities securely and free from security defects by design
- Assess security tools currently used within the various
business Software Development Life Cycle processes to identify
business requirements, and rationalize the tool set
- Select new application security tools including vendor/tool
assessments, and conduct full POC to prove that the security
solutions/products are fit-for-purpose and fit-for-use
- Draft documentation for the Secure-SDLC and DevSecOps to
illustrate the frameworks and process guidelines to internal
customers, ensuring the style is palatable and easy to
navigate.
- Assess the impact of new publications from the security
industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the
company's AppSec programs
- Research new trends and advise the application security
leadership on the impact of the new trends as they relate to
currently used tools, toolchain roadmap, efficiency, and
effectiveness of current processes, etc.
- Standardize code weakness analysis processes
- Promote the priorities set forth by the Global Information
Security function and the roadmap set forth by the Global
Application Security.
- Identify application security requirements and brainstorm
solutions.
- Assess the tooling and remediation of threats and
vulnerabilities within our software/applications, and the hosting
environment
REQUIREMENTS:
- 5+ years of work experience in DevSecOps and Secure-SDLC
- CISSP, CSSLP, cloud security, DevSecOps automation, or similar
is required
- Experience developing/enhancing and implementing Secure-SDLC
frameworks
- Experience with design, implementation, and rollout of
DevSecOps automation and toolchain
- Experience in designing Secure-SDLC processes and relevant
tooling to support the processes
- Experience in software/application analysis tools like SAST,
DAST, SCA, IAST, RASP, threat modeling, etc.
- Technical hands-on experience in automating and integrating
analysis tools into the DevSecOps pipeline.
- Post-secondary education or equivalent experience as a
DevSecOps Engineer
BENEFITS:
- They are the global leader in human resources consulting
- They offer top-notch benefits: multiple medical, dental, and
vision plans with choices to fit all needs and budgets - benefits
coverage starting Day 1
- Flexible work opportunities for work/life balance
- A culture of internal mobility, diversity, inclusion, and
collaboration
Keywords: Laws & Associates Inc., Phoenix, DevSecOps Engineer, Secure-SDLC, Financial Services Firm, Accounting, Auditing, Phoenix, Arizona