DevSecOps Engineer, Secure-SDLC, Financial Services Firm

Company: Laws & Associates Inc.
Location: Phoenix
Posted on: March 20, 2023

Job Description:

Work for a global leader in human resources consulting, helping clients navigate an increasingly dynamic and complex environment through four market-leading businesses. They are seeking a DevSecOps & Secure SDLC Engineer in any of the following areas: Atlanta, GA; Phoenix, AZ; or Urbandale, IA.

WHAT YOU'LL DO:

• Lead initiatives related to DevSecOps and Secure-SDLC.
• Define and enhance the company's Secure Software development Lifecycle (Secure-SDLC), which in turn will reflect the company's Application Development Security Policy,
• Select and standardize application security tools. This includes vendor/tool assessments and full POC,
• Integrate Secure-SDLC requirements and other security policies/requirements into the DevSecOps processes,
• Define and enhance application security requirements and standards that must be designed for agile development methods leveraging traditional application architectures, cloud architectures, and container workloads.
• Advise the application security leadership on best practices and standards around application security tools with the main focus on unifying vulnerability reporting, creating predictable CI/CD pipeline processes, and enabling application teams to develop new capabilities securely and free from security defects by design
• Assess security tools currently used within the various business Software Development Life Cycle processes to identify business requirements, and rationalize the tools set
• Select new application security tools including vendor/tool assessments, and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use
• Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers, ensuring the style is palatable and easy to navigate.
• Assess the impact of new publications from the security industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the company's AppSec programs
• Research new trends and advise the application security leaderships on the impact of the new trends as they relate to currently used tools, toolchain roadmap, efficiency, and effectiveness of current processes, etc.
• Standardize code weakness analysis processes
• Promote the priorities set forth by the Global Information Security function and the roadmap set forth by the Global Application Security.
• Identify application security requirements and brainstorm solutions.
• Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment Requirements
  • 5+ years experience in DevSecOps and Secure-SDLC work experience
  • CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required
  • Experience developing/enhancing and implementing Secure-SDLC frameworks
  • Experience with design, implementation, and rollout of DevSecOps automation and toolchain
  • Experience in designing Secure-SDLC processes and relevant tooling to support the processes
  • Experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.
  • Technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.
  • Post-secondary education or equivalent experience as a DevSecOps Engineer Benefits
    • They are the global leader in human resources consulting
    • They offer top-notch benefits: multiple medical, dental, and vision plans with choices to fit all needs and budgets - benefits coverage starting Day 1
    • Flexible work opportunities for work/life balance
    • A culture of internal mobility, diversity, inclusion, and collaboration

Keywords: Laws & Associates Inc., Phoenix , DevSecOps Engineer, Secure-SDLC, Financial Services Firm, Accounting, Auditing , Phoenix, Arizona