DevSecOps engineer

Mandatory skill for DevSecOps role - Fortify / BlackDuck

Resposnible for coaching teams to adopt and implement DevSecOps practices. Acts as a change agent who helps set the vision, show the way, and provide thought leadership on removing impediments to DevSecOps success. Coaches and mentors sprint team resources at either the team and/or program levels, including Scrum Masters, Product Owners, Technical Leads and executives to leverage DevSecOps principles, engineering practices and frameworks to deliver high value business capabilities. Helps to coach the team on product management, design thinking, engineering culture, and DevSecOps. Serves as a subject matter expert on scaling DevSecOps development, embraces servant leadership, understands engineering practices and serves as a role model for the team to model DevSecOps behaviors and mindsets, which includes key mindset shifts in the journey to vulnerability management. Designs, develops, and facilitates training of DevSecOps practices to assigned teams. Performs evaluations, and reviews of processes and methodologies. Identifies strengths and continuous improvement recommendations of existing security processes.

Basic Qualifications:

Bachelor's degree, or equivalent work experience

10 or more years of experience in Information Technology environment

Knowledge of CI/CD, Java, Python, .NET, GoLang & JavaScript Frameworks

Professional Coaching certification, or equivalent work experience

Any Security certifications, or equivalent work experience

Security policy creation and automation

Working knowledge of system development lifecycle (SDLC) and process change/improvement

Preferred Skills/Experience:

Extensive experience with Agile engineering practices and techniques.

Experience communicating with leads (lead through influence).

Five or more years of experience with Agile frameworks (Scrum SAFE ) and support tools within an Agile solution environment working on large scale, multiple scrum team.

SRE :

Automation and CICD pipelines

Coding

Operating systems and networking

Deployment Strategies

Monitoring & Logging

Traceability

APM

Familiar with installing and operating applications and databases

Change and Incident Management

Chaos Testing

DevOps :

Automated Testing

Containerization

Kubernetes

Observability/Logging

GitLab Runners (or any CI/CD tool)

Sec Ops :

Threat modeling

Encryption

Access & Controls

CI/CD

Vulnerability triaging, prioritization, and remediation for the cloud.

Managing compliance violations

Security policy creation and automation

Solving loosely defined problems

Familiarity with developer day-to-day ecosystems

#J-18808-Ljbffr