Dear connections,
We are #hiring for Senior DevSecOps Engineer (Manager Security Architecture and Engineering)!!
(7+ yrs of experience in information security architecture, mitigation of threats, and compensating controls; proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps.)
Job Description:
Senior DevSecOps Engineer (7+ yrs experience)
Full-Time
Location: Draper, Utah, United States (On Site)
Requirement:
As an information security DevSecOps Engineer on the Information Security team, you will be a vital member of a technical and hands-on security team supporting product offerings and the cloud infrastructure/services used. You will be a member of the Cloud and Application security team, which is responsible for designing, deploying, implementing, automating, and operationalizing all aspects of application and cloud security for all business units across the enterprise. The DevSecOps engineer will work closely with DevOps Engineers and Application Developers to build a strong and scalable security program. You will focus on securing an enterprise multi-cloud environment where you will write sound policies and standards and build automation to support your mission of enabling engineers to operate securely by default. This position will work closely with the application security engineers and other security engineers to impact the entire engineering organization. You will perform hands-on work with all layers and pieces of the technology stack and actively monitor our systems for attacks and intrusions in both on-prem and cloud environments. You will utilize your experience to own and resolve complex security incidents, implement security toolsets, and automate and operationalize these toolsets to maximize our risk management capabilities. You will address policy questions, resolve security issues of a technical nature, and work with our software engineers to proactively identify and fix security flaws and vulnerabilities in our production environments.
RESPONSIBILITIES
● Drive the development, implementation, installation, and operationalization of information security toolsets, platforms, infrastructure, and services used to monitor and protect our team and business units. Such platforms and services could include: code analysis (SAST/DAST/IAST) toolsets, vulnerability management for containers and cloud platforms, log management/SIEM and security monitoring & detection, etc.
● Monitor and remediate cloud misconfigurations and monitor a multi-cloud environment for intrusions and indicators of compromise.
● Ensure the systems and platforms in our purview are integrated with the appropriate log management and performance monitoring capabilities and that alerting and automation processes are in place to address issues.
● Conduct technical, operational, and security/risk evaluations to identify coverage gaps in existing information security controls, corporate and production infrastructure, architecture, and processes. With your findings, propose suitable mitigations or compensating controls that address the concerns and fit the cultural and business needs of the team and organization.
● Respond to and investigate security incidents. Coordinate with leadership and Acima’s security operations team regarding findings and mitigations.
● Work with and support our Application Security Engineers' efforts to secure the product offering and the cloud platforms used to deliver the offering.
QUALIFICATIONS
● Bachelor's degree, a combination of experience and/or an associate’s degree, or an equivalent combination of education, training, and work or volunteer experience. Having (or planning to have) information security and cloud-related technology certifications is a plus.
● Securing public-facing and consumer-focused SaaS applications.
● Security concepts in AWS and security tools such as Inspector, GuardDuty, Macie, Config, CloudFormation, CloudWatch, CloudTrail, Trusted Advisor, WAF, etc., while being familiar with third-party alternatives (and when it is beneficial to use them).
● Writing and understanding infrastructure as code such as Terraform and AWS CloudFormation.
● Scripting and automation using Python or similar languages.
● Implementing, integrating, and tuning network and cloud security infrastructure, applications (web and mobile), as well as security tools and platforms, and the automation to operationalize them.
● Integrating security in the continuous integration, continuous delivery, and continuous deployment (CI/CD) pipeline for Networking as code and Infrastructure as code (running unit tests, running security tools, managing secrets and using tools such as Vault). You should also understand how to use configuration management and automation tools such as Jenkins, Ansible, etc.
● Monitoring, evaluating, and interpreting vulnerabilities/CVEs, risk, and security assessments, cloud platform/system/device/IDS/IPS logs, threat analysis and malware.
● Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical expertise. Ability to interact with internal and external customers, leadership, and co-workers in person, virtually, and in writing.
● Researching highly technical topics and deriving logical conclusions using well-thought-out processes, eliminating bias and logical fallacies.
● Combining information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risk.
You should have an understanding of:
● Information security architecture, mitigation of threats, and compensating controls.
● Proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems.
● Digital forensics procedures and tools, malware analysis, and reverse engineering.
● Implementing and working with industry standards and guidelines relevant to the role and our industry, such as ISO, ITIL, NIST, SANS, CIS, AICPA SOC1/SOC2/SOC3, and PCI.
● Possess and nurture a hacker mentality: being able to visualize issues and possible solutions outside the box.
Email: gdevireddy@spearheadtech.io