Accessibility Links

DevSecOps Engineer

  • Location: Alpharetta, GA
  • Salary: $150,000+
  • Job type: Permanent
  • Job reference: NFM/170000
  • Sector: Cyber Security, Privacy/Data Protection, Information Security
Job Description

Job description

The DevSecOps Engineer/Architect provides security solutions, risk analysis, application security patterns, threat mitigation guidelines, and incident response for the entire Product. You will work with Info security teams as a representative for the entire product stack and addresses the Security elements proactively from ideation phase thru roll out.  The ideal candidate will have an excellent understanding of networking protocols, and system architecture of popular tech stacks on front end, back end, data repositories and cloud.  As a part of continuous improvement, the candidate is expected to use the feedback from security/vulnerability analysis tools into platform improvements.   

What Part Will You Play?

  • Working with Infosec teams and Product Owners to achieve alignment between information security and business change objectives
  • Architecting, designing and providing implementation patterns of security controls throughout solution delivery lifecycle.
  • Design and develop generic security patterns and guidelines to enable applications stay compliant - integrate them Application and DevOps processes and CI/CD pipelines from early stages of the lifecycle 
  • Evaluate and onboard security tools such as RASP, WAF, SAST, vulnerability and open source scanning into the DevSecOps life cycle for multiple tech stacks 

What Are We looking for in This Role?

  • Experience working in an agile, DevOps/DevSecOps environment
  • B.S or M.S in Computer Science or other related engineering fields
  • 3+ years of experience working in a Software Engineering role with a solid foundation in programming, algorithms, and software application design
  • 2+ years of experience working in a Security role handling on premise and cloud infrastructures
  • 3+ years of experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for every day deployments
  • Experience with Kubernetes, AWS, SaltStack, Docker, and Kafka.
  • Experience converting feedback from security analysis tools (Threat Stack, Amazon Inspector, etc.) into infrastructure improvements

Preferred Qualifications

  • Hands-on experience with tools and technologies used throughout secure SDLC such as AppScan, Fortify, Veracode, WhiteSource etc.
  • Knowledge of common software and web application security vulnerabilities crypto primitives, authentication protocols and authorization standards such as SSL/TLS, OAuth, JWT tokens etc.
  • Knowledge of cryptographic principles and practice, security attack vectors and application security vulnerabilities such as SQL Injection, Cross Site Scripting, CSRF etc.
Related news