Position: Engineer IV – DevSecOps
This Cloud Security focused position will be part of Engineering Cloud Operations and the SRE team and will work closely with various technical and non-technical stakeholders in Engineering, Product, Regulatory and Compliance, IT, to design, implement, and support Cloud solutions. This role will drive the execution and enhancement of cyber security throughout hybrid, multi-cloud environments.
The DevSecOps engineer will have established hands-on experience in Cloud services (Azure, AWS, GCP), DevOps practices such as build/release management, secure SDLC to automate security processes in CI/CD pipeline. This position will help design, implement, and support Cloud solutions and processes with focus on Cloud security.
- Design, deploy and maintain cloud-first/services-first secure solutions in support of our next-generation services, leveraging DevOps principles
- Deep technical understanding of one or more of the following (AWS, GCP, Azure). Subject matter expertise in cloud security, security engineering, DevSecOps, including understanding of cloud native security services
- Partner with Cloud Engineering and Reliability Engineering team leads to create, implement and apply DevSecOps principles, processes and culture that are consumed by delivery teams across Engineering in public Cloud
- Drive the security architecture and implementation for APIs and Microservices deployed on Kubernetes Services
- Ensure Cloud environments are appropriately secured and compliant with regulations such as HIPAA
- Work with third parties and tools on Cloud security and compliance including regular security scanning, penetration testing
- Responsible for reviewing security findings and working with different teams on mitigating findings in timely manner depending on severity of the finding
- Provide cybersecurity subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
- Advocate for and ensure appropriate security practices are communicated and implemented within their application security programs. Support adherence and awareness of these practices.
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
- Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
- Assist application teams with onboarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
- Advocate appropriate cybersecurity software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices and requirements capturing techniques to the teams to improve end to end cloud secure delivery practices.
- Partner with development and operations teams to facilitate practical automation solutions and custom modules. Troubleshoot automation issues and when required, engage the resources to find practical solutions that move projects forward in a timely manner.
- Deliver tasks based on project objectives; technically support projects through to completion.
Required Knowledge and Skills
- Experience in key and secret management systems, PKI, and encryption
- Experience with infrastructure automation and infrastructure as code platforms such as Terraform, ARM, CloudFormation or similar tools. Experience in threat detection, SIEM engineering, incident response and handling threat intelligence
- Experienced with penetration testing methodologies and red teaming
- Experience in creating and maintaining automation playbooks to analyze, detect and remediate various Cloud environments
- Basic Qualifications
- Bachelor’s Degree - Information Systems, Computer Science, Information Security, or Engineering.
- Minimum 8 years of experience in security with a degree; will consider minimum 12 years of experience in lieu of a degree.
- 3+ cloud security
- 3+years of multi-cloud cloud architecture experience in AWS or Azure or GCP
- A background in cloud security practices in at least one of the core Cloud Security Providers (AWS, Azure, GCP)
- Practical experience in design, operations, implementation and/or migration of workloads to the public cloud
- Proficient in securing containerized workloads
- Experience securing Kubernetes clusters, setting up configuration, security and compliance policies using open-source tools or commercial products.
- Working knowledge of environments covered by PCI, HIPAA, or FedRAMP controls and requirements
- Experience implementing data security and privacy solutions in Cloud
- Specialize in cloud native server less micro-service development to achieve event-based security to automate cloud infrastructure configuration drift reduction, integrate security monitoring, and orchestrate incident response procedures.
- Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program.