Job Category: Engineer
Job Type: Full Time
Job Location: Noida - India
Job Role
The Sr. DevSecOps Engineer will participate in all phases of a typical DevOps pipeline: plan, code, build, test, release, and deploy. He/she will scan our networks, applications, and containers (images). In addition to the Vulnerability Management platform, this individual will support and/or serve as a backup for the AWS WAF, GuardDuty, PagerDuty, and Cloudflare security platforms.
Job Description
- Work independently with vendors and collaborate with colleagues
- Experience negotiating remediation timelines and/or remediating found issues independently
- Ability to implement vendor platforms within CI/CD pipelines
- Experience managing/responding to incidents, collecting evidence, and making decisions.
- Working with vendors and HM Teams to deploy criteria within the WAF and fine-tuning it according to applications’ needs
- Multitasking and continuous ability to provide a high level of concentration for assigned projects.
- Good working knowledge of AWS security in general and familiarity with the AWS native security tools
- The candidate should be experienced and articulate, someone who will not get discouraged by roadblocks and will continue promoting security within the company.
- Working knowledge of the Threat Management platforms
- Ability to create DevSecOps security requirements while working on a project
- Ability to articulate security requirements during the Architecture meetings and working hand in hand with HM Applications and DevOps Principal Engineers
Skill sets
- 3+ years’ experience with Tenable.io platform
- 3+ years’ experience with AWS orchestration via Terraform scripts
- 3+ years’ experience with CloudWatch/CloudTrail/GuardDuty
- 3+ years’ experience with AWS WAF
- 3+ years’ experience with Cloudflare
- 2+ years’ experience with Datadog
- Experience with PagerDuty
- Ability to make nuanced threat assessments
- Experience with the NIST family of Information Security-related publications including 800-37, 800-30, and 800-53
- Significant experience with PCI, SOC2, SOX, HIPAA, or other compliance regimes