Vacancy caducado!
Job Description - Application Security Engineer - Remote
A growing security team that is looking for someone to assist with their group right now. This role reports directly to the CISO and you will be responsible for getting involved in ALL aspects of security. This is NOT a pigeon hole type of organization - you will have an opportunity to work in a variety of different projects. Awesome manager!This is a special project for a new website the company is working on so there will be high visbility to executives.Position Summary: The DevSecOps Engineer is responsible for safeguarding the organization's Applications and Data, as well as assists in the execution of company information security strategy. The DevSecOps Engineer reports to the Chief Information Security Officer and uses a mix of soft skills (internal consulting, security subject matter expertise and security vendor management) and technical skills (security tool configuration, troubleshooting and administration) to meet the organization's security needs. The ideal candidate for this position possesses a broad skillset, with breadth and depth of experience in the application security field.Responsibilities: The DevSecOps Engineer's responsibilities include, but are not limited to:- Provide DevSecOps and Application Security requirements and consulting for enterprise projects including an in-flight project to rebuild the eCommerce platform from scratch on new technologies and platforms
- Build and implement DevSecOps processes, governance and reporting
- Implement and administer tools for DevSecOps (such as Veracode) as well as determine best tools for additional DevSecOps and Application Security needs for company.
- Responsible for streamlining DevSecOps pipeline, policies, and processes
- Provide guidance on secure CI/CD and API enabled delivery
- Experience with software development including software design and techniques.
- Experience with Cloud Security, IAM, Security Audit and Monitoring, Cloud Network Controls, Security Vulnerability Management, Security Incident Management, and Penetration testing.
- Work with developers to communicate and track critical security vulnerabilities within application code. Assist in automating code scanning and tickets for vulnerabilities.
- Experience working in cloud-based environments such as Google Cloud, AWS, and Microsoft Azure
- Implement best practices for SSDLC and for Application security
- Drive down risk by ensuring security issues are remediated in a timely manner
- Drive integration between development, security, and operational policies & standards across the DevOps lifecycle.
- Utilize Agile or Scrum methodologies to manage and support software engineering
- Experience with tools such as Atlassian Bitbucket, Confluence, Jira and other tools such as Dynatrace, Elasticsearch, Bamboo, Smartbear
- Ability to work a flexible schedule based on department and company needs
- Ability to work a 24/7 on-call rotation
- Ability to travel as needed (anticipated less than 10%)
- Other duties as assigned
- Minimum 3+ experience related experience in DevSecOps and Application Security
- Bachelor's degree in Computer Science, Management Information Systems or related field of study
- Security Certifications preferred (CISSP, CEH, CISA, CISM, GIAC, CRISC)
- Knowledge of regulatory requirements impacting information security, including PCI and SOX.
- Understanding of NIST cybersecurity standards and framework
- Prior development experience a big plus
- Excellent written and verbal communication skills. Ability to explain technical concepts to technical or non-technical personnel
- Must be able to work independently with minimal supervision
Vacancy caducado!