Description

We are seeking a highly motivated professional with experience in Security and Privacy to join our dynamic team. As a PSPO DevSecOps Engineer, you will help with threat modeling, application security posture management, security orchestration, and vulnerability and weakness assessments to improve the resilience of the organization and its product portfolio.

  • Develop security-as-code & policy-as-code pipelines
  • Manage vulnerabilities (3rd party) and weaknesses (1st party) in products, evaluating the criticality for an adequate prioritization and providing the most suitable remediation, working directly with the product teams as a trusted advisor
  • Conduct vulnerability monitoring, (on-demand) vulnerability scanning and other security testing activities
  • Provide expertise to product teams and Affiliates to answer inquiries, pre-sales requests, contract negotiations and other cybersecurity-related customer support
  • Contribute to initiatives within the Diagnostic Division to achieve the integration of defense capabilities into the development of new products and in the update/upgrade, maintenance and support of existing products in collaboration with Product Support teams.
  • Develop and automate technical workflows for investigations and assessments for cyber security vulnerabilities, drive onboarding of new products in Vulnerability Monitoring, and provide training to relevant stakeholders in the organization regarding Vulnerability Handling and Incident Response.
  • Develop, maintain and continuously optimize processes, playbooks and tools for Vulnerability Monitoring, Vulnerability Management, Incident Response, Threat Intelligence and Security Testing.
  • Evangelize security and privacy, developing Security Champions across departments involved in product development and operations
  • Maintain the product security controls and awareness, supporting other PSPO Chapters (Solution Architecture, Product Support and Compliance/Privacy).
  • Minimum 3 years of related work experience in SDLC & cloud ops
  • Demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability.
  • Team player, proactive, self-driven, self-motivated, solution-oriented, hands-on.
  • Demonstrated experience in Cloud computing technologies, full stack deployments etc.
  • Demonstrated experience in K8S, AWS or GCP, Docker and other cloud native tools
  • Demonstrated experience in Jenkins/ArgoCD/Tekton or another common CI/CD tool chain
  • Demonstrated skills in Sigstore, SBOM, SLSA and secure software supply chain management.
  • Ability to develop Terraform, K8S manifests or other forms of infrastructure as code
  • Ability to codify Rego or Cedar policies
  • Demonstrated experience in SAST & DAST tools (Checkmarx, Snyk, Mayhem, BurpSuite, ZAP etc.)
  • Demonstrated experience automating security controls (e.g. shell scripting, Python)
  • In-depth experience in managing information security and privacy risks and threat modeling.
  • In-depth experience in vulnerability handling pre and post-market launch
  • In-depth experience in system and cloud infrastructure hardening
  • Strong understanding of industry standards: ISO 27000 family and HITRUST
  • BA/BS in Business, Information Systems, Computer Science or a related relevant area of study is a plus
  • Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CISA, CISM, LA ISO27001

Education

Any Graduate