Senior DevSecOps Engineer

Type
Full Time
Opening date
Closing date
16 Jan 2022

The College Board, the national educational organization, is conducting a search for a Senior DevSecOps Engineer to join our DevOps & Application Security team. The College Board is rapidly transforming itself into an agile organization, embracing DevSecOps and cloud-native systems, and focused on improving the speed and security of service delivery in support of our core mission. To enable this mission, the College Board is seeking a DevSecOps Engineer to drive the development of innovative and transformative security solutions in our DevSecOps and cloud transformation initiatives. The DevSecOps Engineer is a highly technical and creative contributor to a bleeding-edge cloud and application security team enabling the agile development of secure and reliable cloud-based solutions.

***This position can be based 100% remotely (Working EST) or in our Reston, VA office***

What you’ll do

  • Act as a liaison between ISO Partner teams (both in IT and outside of IT) and the Information Security Office via regular engagements with assigned Partner teams.
  • Work to promote, grow and enhance the ISO Partners program to promote Security Champions and enable dev teams to shift left.
  • Mentor developers, through discussions, presentations, and pair programming, to demonstrate best practices in developing secure code and securing application infrastructure.
  • Perform analysis of application architectures and security patterns and participate in EARC sessions as needed.
  • Develop threat models in conjunction with architects and software engineering staff.
  • Implement security tooling and support common integrated development environments.
  • Participate in and/or lead application vulnerability reviews and remediation.
  • Develop, understand, and provide input into metrics and KPIs for assigned partner teams.
  • Provide risk assessments and data driven recommendations to management to increase or improve our security footprint.
  • Document and communicate application risks and vulnerabilities to technical stakeholders.
  • Develop and deliver Secure Developer Training, Workshops, and training opportunities to cultivate a culture of Shift Left Security.
  • Assist dev teams with the various platforms we support, and support tool operations for those platforms.
  • Participate in planning and grooming as part of agile ceremonies and manage assigned Epics.
  • Supports CI/CD and build pipelines with an understanding of quality and security gates and enables integration of automated solutions to increase security.
  • Performs architectural reviews that are meant to identify and remedy architectural security flaws both as part of EARC sessions and in consulting engagements with dev teams
  • Identifies application security weaknesses and provides hands on recommendations to correct them to improve our security posture and drive down vulnerabilities in CB software applications.
  • Work with broader ISO team on incident response and operational/strategic initiatives.
  • Responsible for the use and operational maintenance of security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.
  • Evaluates and promotes new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.

Qualifications

  • Bachelor’s Degree in a related field plus additional related college courses or professional training.
  • 5+ years of progressively responsible, directly related, experience
  • One or more security certifications or a CISSP certification would be ideal

About you

  • Knowledge of secure development principles and of DevSecOps
  • Strong knowledge in cloud application development and Security
  • A thorough understanding of web protocols (TCP/IP, UDP, HTTP, HTTPS, SSL, TLS, etc.).
  • Protocol analysis and forensic analysis experience is a plus.
  • Experience with various programming languages (Java, Node.js, Python, PHP, JavaScript, etc.).
  • Experience with the following source code repositories is a plus: SVN, Git, Bitbucket.
  • Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
  • Understanding of modern software engineering principles and practices as well as modern/Web 2.0/3.0 tools and frameworks.
  • Be familiar with common frameworks, spanning frontend and backend (Angular, Bootstrap, Node, Struts, Spring, ASP.NET MVC, etc.).
  • Experience with RESTful web services and APIs, Web Application Firewall (WAF).
  • Experience with microservices architecture
  • Experience with AWS and familiar with AWS services, components, and common architecture patterns. Familiar with AWS cloud architecture security.
  • Worked with vendor SaaS and PaaS security products such as WhiteHat Sentinel
  • DevSecOps or DevOps experience and CI/CD model
  • Windows and/or Linux hardening techniques
  • Traffic and log analysis from a security perspective
  • Familiar with OWASP/SANS application vulnerabilities
  • Experience with secure code reviews, and with web and application servers such as IIS, Apache, Tomcat