drjobs
DevSecOps Secure-SDLC Engineer - Chicago
drjobs DevSecOps Secure-SDLC Engineer - Chicago English

DevSecOps Secure-SDLC Engineer - Chicago

صاحب العمل نشط

1 وظيفة شاغرة
هذا المنشور غير متاح الآن! ربما يكون قد تم شغل الوظيفة.
drjobs

حالة تأهب وظيفة

سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكتروني
Valid email field required
أرسل الوظائف
drjobs drjobs drjobs
drjobs drjobs
drjobs

حالة تأهب وظيفة

سيتم تحديثك بأحدث تنبيهات الوظائف عبر البريد الإلكتروني

Valid email field required
أرسل الوظائف

الخبرة

drjobs

1-3 سنوات

الراتب الشهري

drjobs

لم يكشف

drjobs

لم يتم الكشف عن الراتب

عدد الوظائف الشاغرة

1 وظيفة شاغرة

الوصف الوظيفي

رقم الوظيفة : 1984740

DevSecOps & Secure-SDLC Engineer - Chicago

NYC, NY 10006/ Atlanta, GA 30303/ Chicago, IL 60623/ Urbandale, IA 50322/ Phoenix, AZ 85008

Must be a US Citizen or Green Card holder.

  • The client is seeking candidates for the following position in our New York, Chicago, Atlanta, Phoenix, or Urbandale offices.
  • Lead initiatives related to DevSecOps and Secure-SDLC.
  • Define and enhance the company s Secure Software development Lifecycle (Secure-SDLC) which in turn will reflect the company s Application Development Security Policy,
  • Select and standardize application security tools. This includes vendor/tool assessments and full POC,
  • Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes,
  • Define and enhance application security requirements and standards which must be designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.

RESPONSIBILITIES:

  • Advise the application security leadership on best practices and standards around application security tools with main focus to unify vulnerability reporting, create predictable CI/CD pipeline processes, and enable application teams to develop new capabilities securely, and free from security defects, by design
  • Assess security tools currently used within the various business Software Development Life Cycle processes to identify business requirements, and rationalize the tools set
  • Select new application security tools including vendor/tool assessments and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use
  • Draft documentations for the Secure-SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers ensuring the style is palatable and easy to navigate
  • Assess impact of new publications from the security industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the company s AppSec programs
  • Research new trends and advise the application security leaderships on impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency, and effectiveness of current processes, etc.
  • Standardize code weakness analysis processes
  • Promote the priorities set forth by Global Information Security function, and the roadmap set forth by the Global Application Security

Pay and Benefits:

Competitive Salary:

Performance Based Career Growth - Global career opportunities

Culture Work in a culture with strong values

Benefits competitive salaries and comprehensive benefits and programs including health and welfare, tuition assistance, 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs

Paid Time Off for the things you love to do

Holiday and Sick Time available

Training to help advance your skills for career development

QUALIFICATIONS:

  • 5 years+ DevSecOps and Secure-SDLC work experience
  • CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required
  • Post-secondary education or equivalent experience as a DevSecOps Engineer
  • Develop/enhance and implement the Secure-SDLC framework
  • Design, implement, and rollout DevSecOps automations and tool chain
  • Implement sensors to collect data on key metrics for statistics and reporting
  • Serve as the subject matter expert in Secure-SDLC and DevSecOps
  • Advise on the processes and standards that are designed to implement a company s Application Development Security Policy
  • Experience in designing Secure-SDLC processes and relevant tooling to support the processes
  • Experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.
  • Technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.

ADDITIONAL QUALIFICATIONS:

  • Identify application security requirements and brainstorm solutions
  • Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment



Requirements

1. Do you have 5 years+ DevSecOps and Secure-SDLC work experience

2. Do you have a CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required

3. Do you have post-secondary education or equivalent experience as a DevSecOps Engineer

7. Can you serve as the subject matter expert in Secure-SDLC and DevSecOps

8. Do you have the knowledge to advise on the processes and standards that are designed to implement a company s Application Development Security Policy

9. Do you have experience in designing Secure-SDLC processes and relevant tooling to support the processes

10. Do you have experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.

11. Do you have technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.

12. Must be a US Citizen or Green Card holder.



Benefits

Full

1. Do you have 5 years+ DevSecOps and Secure-SDLC work experience 2. Do you have a CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required 3. Do you have post-secondary education or equivalent experience as a DevSecOps Engineer 7. Can you serve as the subject matter expert in Secure-SDLC and DevSecOps 8. Do you have the knowledge to advise on the processes and standards that are designed to implement a company s Application Development Security Policy 9. Do you have experience in designing Secure-SDLC processes and relevant tooling to support the processes 10. Do you have experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc. 11. Do you have technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline. 12. Must be a US Citizen or Green Card holder.ed

نوع التوظيف

دوام كامل

نبذة عن الشركة

الإبلاغ عن هذه الوظيفة
إخلاء المسؤولية: د.جوب هو مجرد منصة تربط بين الباحثين عن عمل وأصحاب العمل. ننصح المتقدمين بإجراء بحث مستقل خاص بهم في أوراق اعتماد صاحب العمل المحتمل. نحن نحرص على ألا يتم طلب أي مدفوعات مالية من قبل عملائنا، وبالتالي فإننا ننصح بعدم مشاركة أي معلومات شخصية أو متعلقة بالحسابات المصرفية مع أي طرف ثالث. إذا كنت تشك في وقوع أي احتيال أو سوء تصرف، فيرجى التواصل معنا من خلال تعبئة النموذج الموجود على الصفحة اتصل بنا