Sr. DevSecOps Engineer

The role of Sr. DevSecOps Engineer is to develop, manage and execute upon security initiatives focused on Edge and Application Security. As part of Office Depot’s DevSecOps team, you’ll be responsible for integrating security into the development of a diverse set of customer-facing applications. As a subject matter expert in this area, you’ll leverage various tooling to analyze the security posture of both systems & applications while working independently and collaboratively to apply remediations around insufficient security ratings. Through collaboration with software development and platform engineers, you’ll pre-determine attack signatures and threat models, apply corresponding mitigation policies, protect control points within the application stack and facilitate application vulnerability scans/remediations. You’ll also be challenged to demonstrate your automation proficiency by accelerating remediation efforts to continuously improve security response times across our variety of end-points.

This is an opportunity to shape and strengthen our Edge Security practice. The ideal candidates should have advanced coding skills in Java, Python, Shell and YAML, preferably with a minimum of 3-5 years of experience in all of these or similar languages. Candidates should have 3+ years’ experience in at least two of the following roles: Application Security Engineer, DevOps, Software Engineering, leveraging automation extensively to achieve key deliverables.

Primary Responsibility:

• Develop, tune, implement and support security configurations designed specifically for customer facing applications
• Web Application Security: Engineering, deployment, and operations of security policies with Akamai’s Web Application Firewall and Bot Management platform; including but not limited to creating WAF rules to mitigate threats.
• Develops automation for security implementations and workflow integration.
• Security Software Development: Scripting and Development in Python, Shell scripting and development in other languages.
• Develops advanced alerts/reports; including correlations, enrichments & dashboards that appropriately characterize web application attacks and mitigation mechanisms.
• Collaborates with key stakeholders within Security and Engineering teams; to develop specific use cases to address both business and application needs.
• Focus on professional development through our wide array of learning opportunities for continued growth within the Office Depot team

Education & Experience:

• DevSecOps Experience:
• Scripting experience: Python, Perl, Shell, YAML, RegEx
• Development experience: Java, Java Script
• DevSecOps experience in maintaining and enhancing infrastructure as code with CloudFormation, Terraform, Puppet, Chef, Jenkins, ADO
• Experience with using knowledge management and code repositories, including Github, Jira, and Confluence
• Experience with Lambda, API Gateway
• Application Security:
• Knowledge of SDLC processes
• Knowledge of open source and commercial application security tools and frameworks
• Experience with one or more of the following:
• Imperva Web Application Firewall
• Akamai (CDN, WAF)
• AWS (Cloudfront, Shield)
• Experience with Web Application Firewall; management, policies and rule-sets
• Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks
• Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)
• Excellent understanding of common network and web protocols
• Excellent understanding of DDoS techniques and mitigation mechanisms
• Excellent understanding of Cyber Security Operations, Incident Response processes
• Infrastructure:
• System administration experience in a Windows and Unix environment
• Experience working in a large enterprise environment

Technical Competencies:

• Java, Java Script
• Python, Bash, Shell, YAML
• GitHub
• Atlassian JIRA
• CI-CD (Jenkins, Ansible, etc)
• Public Cloud IaaS & PaaS services (ie. Compute / Database / / Storage)
• Ability to create standardized and customized alerting & mitigation policies
• Web Application Firewall: Imperva, Akamai, Public Cloud
• Web Application Vulnerability Scanning
• HTTP / WebSocket
• Linux/Unix basics

At Office Depot, we offer our benefits around the 5 facets of Total Well-Being: Physical, Emotional, Work-Life, Financial, and Community. Here’s a look into what we offer:

Physical:

• Health Insurance
• Wellness Fairs
• Flu shots
• Fitness & Nutrition Programs
• Ergonomic Support
• Return-to-Work Programs

Emotional:

• Mental Health Benefits
• Support Programs

Work-Life:

• Location Events & Activities
• Onboarding Plan & ‘Buddy’
• Recognition & Rewards Programs
• Flexible Work Schedules
• Paid Holidays
• Paid Time Off

Financial:

• Retirement Programs
• 401(k) Match
• FSA/HSA Pre-Tax Benefits
• HSA Match
• HRA Funding
• Discounts/Perks
• Life/Disability Plans

Community:

• Charitable Giving
• Volunteering & Mentorship

At Office Depot, we offer our benefits around the 5 facets of Total Well-Being: Physical, Emotional, Work-Life, Financial, and Community. Here’s a look into what we offer:

Emotional:

• Employee Assistance Programs

Community:

• Associate Resource Groups focused on Diversity and Inclusion

As the working world continues to evolve, so are we. Shifting from an office supplies retailer to a business services platform is not a simple task, nor is it one we take lightly. It requires the diverse talents and contributions from each and every associate – all driven by our 5C culture of Customer, Commitment, Change, Caring and Creativity. We’re working together to make a difference, challenge the status quo, and be the trusted experts that help our customers manage their businesses. We’ve got 40,000+ associates to date – and we’re always looking to add great talent to our team. The once-in-a-lifetime opportunity to help transform our company to fuel the businesses and communities around us is knocking. Start your #LifeAtDepot and discover how you can be a part of the transformation.