Senior Specialist IT Security (Dev Sec Ops)

Marsh McLennan


Job Location:

Toronto - Canada

Monthly Salary: $ 126000 - 176000
Posted on: 15 hours ago
Vacancies: 1 Vacancy

Job Summary

Company:

Marsh

Description:

DevSecOps & Secure-SDLC Engineer

What can you expect

Lead initiatives related to DevSecOps and Secure-SDLC.

Enhance the company's Secure Software Development Lifecycle (Secure-SDLC), which in turn will reflect the company's Application Development Security Policy

Select and standardize application security tools. This includes vendor/tool assessments and full POC

Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes

Define and enhance application security requirements and standards which must be designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.

We will count on you to:

Advise the application security leadership on best practices and standards around application security tools with a main focus on shift-left, create predictable CI/CD pipeline processes, and enable application teams to develop new capabilities securely and free from security defects by design

Assess security tools and related processes currently used within the various Software Development Life Cycle processes to identify improvement opportunities and rationalize the tool set

Select new application security tools including vendor/tool assessments and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use

Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and their process guidelines to internal customers, ensuring the style is palatable and easy to navigate

Assess the impact of new publications from the security industry (e.g. NIST 800-XXX, ISO 2700X:2022, etc.) on the company's AppSec programs

Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain, roadmap, efficiency and effectiveness of current processes, etc.

Promote secure coding standard and all related processes

Promote the priorities set forth by Global Information Security function and the roadmap set forth by the Global Application Security

Automate and integrate security scan and analysis tools into the DevSecOps pipeline

What you need to have:

5 years DevSecOps and Secure-SDLC work experience

CISSP, CSSLP, cloud security, DevSecOps automation or similar is required

Post-secondary education or equivalent experience as a DevSecOps Engineer

Develop/enhance and implement the Secure-SDLC framework

Design, implement and roll out DevSecOps automations and tool chain

Implement sensors to collect data on key metrics for statistics and reporting

Serve as the subject matter expert in Secure-SDLC and DevSecOps

Advise on the processes and standards that are designed to implement a company's Application Development Security Policy

Experience in designing Secure-SDLC processes and relevant tooling to support the processes

Experience in software/application analysis tools like SAST, DAST, SCA, threat modeling, supply-chain, etc.

Technical hands-on experience in automating and integrating security scan and analysis tools into the DevSecOps pipeline.

Experience in one or more programming languages

Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE)

What makes you stand out:

Identify application security requirements and brainstorm solutions factoring in industry best practices

Assess the tooling and remediation of threats and vulnerabilities within our software/applications and the hosting environment

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information visit or follow us on LinkedIn and X.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law. In accordance with the Accessibility for Ontarians with Disabilities Act 2005, Marsh will provide a reasonable accommodation to employees and prospective employees to the point of undue hardship upon request and as required in respect of the individual's particular restrictions and limitations. If you require a specific accommodation because of a disability or medical need please contact

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person.

The applicable base salary range for this role is $126000 to $176000.

The base pay offered will be determined on factors such as experience, skills, training, location, certifications, education and any applicable minimum wage requirements. Decisions will be determined on a case-by-case basis. In addition to the base salary, this position may be eligible for performance-based incentives.

We are excited to offer a competitive total rewards package which includes health and welfare benefits, tuition assistance, retirement programs as well as employee assistance programs.

This is a New position.


Required Experience:

Senior IC
