Contribute to the development of the Pipeline Security Standard
Collaborate with Development teams to identify security tools to automate scans such as SAST/DAST/IAST.
Enhance existing CI/CD Processes leveraging secure pipeline criteria, propose best practices, work with Engineering to streamline automation and remove manual processes.
Work with development to ensure a security-first culture, with work instructions and processes that ensure verification.
Create monitoring by providing key metrics and tools to monitor different static and dynamic systems
Analyze AWS Cloud Infrastructure usage and implement changes to increase security, management, and scalability
Train junior DevOps on best practices and propose future tool and procedure integration
Desired Skills:
Knowledge of DevOps, DevSecOps and Security Architecture with NIST CSF
Applicant must be proficient in the use, creation and security of CI/CD pipelines
Familiarity with IaC and CaC
Familiarity with AWS Cloud, Atlassian/Bitbucket, etc. from a security perspective.
Understanding of SAST/DAST/SCA/IAST and the impact of their integration into the pipeline, including one or more scanners such as SonarQube, Snyk, or OWASP ZAP.
Monitoring tools such as Prometheus, Grafana, etc. as well as AWS Monitoring.
Familiarity with software development and application development, with a deep understanding of secure coding principles.
Understanding of Quality Control and Test Automation in Agile-based Continuous Integration environments.
A strong understanding of cybersecurity principles, with a desire to stay up-to-date with the latest threats and trends.
Translate business requirements and context into secure, sound and efficient solutions.
Qualifications:
Bachelor's degree in Computer Science, Computer Engineering, Cyber Security, or other relevant field of study preferred.
8+ years of experience with CI/CD and DevSecOps technologies and practices, as well as working in Cybersecurity with a focus on secure application practices
4+ years of AWS DevOps
Good understanding of Windows Application and Web Security Architectures
Extensive experience working in Agile methodologies as part of an organization.