Vacancy caducado!
UKG is seeking a talented DevSecOps Engineer to join our internal Global Security Research & Architecture team chartered to identify application security vulnerabilities within the UKG product lines. The goal of this team is to make sure that the code of our family of enterprise software applications is secure. This is a rare opportunity for the right DevSecOps Engineer to join UKG’s award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today. You will be focused on working with application project and development teams throughout the entire process. Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers
Primary/Essential Duties and Key Responsibilities:- Ensure that the Static Application Security Testing (SAST) environment is performing optimally
- Provide education and guidance about SAST tools and process best practices
- Ensure compliance with applicable Policies, Standards, Requirements and Directives
- Assist with audits to demonstrate compliance
- Schedule, scope and prioritize SAST assessments of applications
- Identify, document, rate, and communicate vulnerabilities to responsible teams
- Reproduce, demonstrate and retest vulnerabilities
- Maintain awareness of security issues amongst development community
- Continually improve SAST process and environment
- Provide expertise in Continuous Test/Integration/Deployment platforms
- Assist dev teams during release deployment and with periodic system/application patching
- Must have a bachelor's degree in Computer Science or related field
- 5+ years of information technology industry experience
- 4+ years of application security experience
- Must be familiar with OWASP top ten understanding of vulnerability governance and reporting
- Working experience with Software Composition Analysis (SCA) tools - Black Duck, Sonatype Nexus, etc.
- Working experience with Static Application Security Testing (SAST) tools - Fortify, Checkmarx, Veracode, etc.
- Experience in consuming APIs
- Fluent in scripting languages - Bash, Python, JavaScript
- Understanding of multi-tiered architecture
- Experience developing and testing apps in. NET or Java
- Experience with cloud security - Google Cloud Platform (GCP), Microsoft Azure, Amazon AWS
- Experience with code repository management platforms - GitHub, BitBucket, GitLab
- Must be a team player with great interpersonal skills
- CISSP (Certified Information Systems Security Professional) or other security certification a plus
- CSSLP (Certified Secure Software Lifecycle Professional) or equivalent experience
- SSDLC (Secure Software Development Life Cycle) or SDL (Secure Development Lifecycle) certification
- DGIAC GWEB (Web Application Defender) certification preferred
- No unique physical requirements
- 0-5%
Vacancy caducado!