USA Jobs, Careers and Recuitements
Job Target Job Search

Contact Information

Contact Name: DAVE

Job Details: Lead Security DevSecOps Engineer Date: Oct 21 2019

Job Reference: 5022
Job Category: IT Jobs [ View All IT Jobs Jobs ]
Company Type Recruiter
Employment type: Full Time, Contract, Student
Degree: Bachelors
Experience: 3 years
Location: Costa Mesa, California, 92627
Job Skills: Lead Security DevSecOps Engineer
Share Job with Others

Job Tools

Job Description

The Lead AWS DevSecOps Engineer is a hands-on technical position responsible for architecting, designing and implementing automation to:
• Continuously improve the security of our e-commerce products
• Comply with a range of security requirements (internal and external)
• Respond to audit requests and requirements
• Manage cloud security tools such as Alert Logic, Redlock, Deep Security, Twistlock and Veracode
• Drive security standardization such as usage of the Cloud Security Alliance framework and the Center for Internet Security.
• Ensure tight security for an ecommerce platform including data encryption, Infrastructure security, environment scanning, etc.
• Partner with Experian Global Security office to ensure policies and standards are being properly applied
Based on a “developer self-service model”, our cloud-computing “Platform as a Service” product automates:
• AWS resource provisioning and management (based on immutable compute resources)
• Build pipeline supporting Continuous Delivery, including support for canary and blue green releases
• Container based delivery (Docker)
• Micro-service support (service registry, service-to-service authentication)
• Event management and analysis via logging and event data pipelines
• Instrumentation, monitoring, notification, and alerting
• Data pipeline from transaction support (Dynamo) to BI (RedShift)

The current Platform has been implemented primarily as “infrastructure as code”, so experience with Python, or equivalent deep experience with other scripting or infra-coding tools is essential. The Platform is being managed as a true software product (story backlog, product roadmap, developer involvement in product direction), so Agile Product Oriented Development experience is also important.

• Collaborate with the leadership team, Information Security, DevOps and Engineering teams to identify Platform needs and issues with respect to information security and compliance.
• Work with Development and Operations teams to ensure proper key management and encryption are used according to security best practices and compliance requirements.
• Collaborate with key third party security partners to implement best practices and processes.
• Define security architecture in collaboration with Product Architects and the DevOps engineering teams.
• Author Agile stories, estimate story points, assist with sprint planning and retrospectives.
• Architect, design and build security processes for multiple different platforms addressing security and compliance needs.
• Perform advanced security technical troubleshooting for cloud, e-commerce environments.
• Lead incident response initiatives, architecting and building reliable automated incident response processes.
• Technical point of contact for product/engineering teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps.
• Build tools and automation scripts that enable developers and engineers to easily consume security as a services.
• Improve the accessibility of security through automation, continuous integration pipelines, and other means.
• Understand existing processes by identifying how to streamline them in order to improve the team efficiency and effectiveness as well as enhancing the overall security posture.

Education and Experience:

• Bachelor’s degree in Computer Science or other technical degree or equivalent experience preferred.
• Minimum of 10+ years experience in Information Security Engineering and/or Ops or DevOps roles, focused on supporting automated security solutions and architectures.
• Security certifications such as CISSP, CCSP, SANS GIAC* are a plus.
• Production experience with public cloud (AWS, Google or Azure – AWS strongly preferred).
• Fluency in Python or other programming or scripting language.
• Proficiency in software and systems design and architecture.
• Experience with a variety of open source technologies and tools in support of cross-team collaboration.

Qualifications Required:

• Strong knowledge of the DevSecOps tool chain on Linux/Windows/Docker platforms; Jenkins, TravisCI, Python/Ruby, Ansible, Puppet, Git, AWS cloudformation, etc.
• Strong demonstrated hands-on experience on implementing Security architectures.
• Experience deploying automation solutions in a public cloud environment with a focus on AWS.
• Strong knowledge of PCI/HIPPA and other security related standards and requirements.
• Experience supporting security audits.

Copyright © 2020 Jobxoom All rights reserved. Use of this site is subject to certain Terms and Conditions.