Experience Required

The DevSecOps Engineer role can sit remotely in the US.

The DevSecOps Engineer will act on behalf of the Firm's information security team to embed security controls and principles within the software development lifecycle. The role holder will serve as a bridge between security, development, and other technical teams to build secure CI/CD pipelines, contribute to IaC efforts, and provide expert consultation on matters affecting the security and development groups.  
 
Responsibilities:

  • Implement and oversee secure development practices across the Firm's technical teams with a primary focus on the Firm's development and IaC efforts 
  • Serve as a trusted advisor relative to tools, methods, controls, and control measurement
  • Identify technical and procedural gaps in the current environment and evaluate, implement, and oversee their remediation   
  • Architect, build, deploy, and maintain scripts, templates, and other components as needed to address secure process automation in a hybrid mode environment
     

Skills and Experience:

  • Computer Science Bachelor’s degree or substantial equivalent experience
  • CISSP, CCSK, CCSP, GSDC, GCSA, CDP
  • Extensive experience with the design, development, and general practices related to secure development
  • Extensive experience with IaC tools, Terraform, Ansible, Chef, Docker, Kubernetes
  • Comfortable with applying DevSecOps principles across PaaS (e.g. Kubernetes AKS/WebApps/Key Vault/etc.) and IaaS (e.g. NSGs/VMs/etc.)
  • Experience with executing, interpreting and remediating findings associated with application security assessments and penetration tests
  • Strong knowledge and understanding of cloud security frameworks such as NIST, CSA, CCM, MITRE ATT&CK
  • Excellent knowledge of API security and microservices architectures
  • Proficient with developing and utilizing scripts and other tools to automate application and infrastructure build, configuration, maintenance, and oversight tasks in a Microsoft-centric environment   
  • Experience with risk analysis, business reporting, and documentation
  • Experience with DAST and SAST tools and integration into SDLC
  • Proficient with Azure native security controls
  • Extensive experience with architecting Azure DevOps CI/CD pipelines containing robust security controls and oversight
  • Working knowledge of the principles, theories, techniques, and methods of information system analysis and programming
  • Expert knowledge of cloud security technologies, standards, and controls
  • Expert analytical skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions
  • Ability to adapt, integrate, and modify existing programs or vendor-supplied package programs for use with existing information systems
  • Proficient in oral and written English
  • Ability to be productive and maintain focus without direct supervision

 

The base compensation for this position is targeted at $140K to $160K annually if located in New York City or in an office in the state of California.