The DevSecOps Engineer will be responsible for supporting the DevOps, Product Development, Architecture and Program Management organizations in developing a highly functioning application security program for proprietary and integrated, open source and 3rd party applications.
This role assumes full accountability for delivery of innovative technical solutions, allowing speed and ease of delivery in meeting security compliance efforts. The DevSecOps Engineer will provide outstanding collaboration, technical knowledge, and accurate and timely deliverables, including advanced troubleshooting, support, proper scoping, resource documentation and timely communication of security compliance deliverables.
The DevSecOps Engineer will be able to provide expert knowledge and support of deployment, delivery, and automation phases of the application security life cycle. This individual must be able to collaborate with the Product Development, IT Security and Audit, Risk and Compliance teams to proactively respond and effectively deliver reliable, well-designed application security solutions for proprietary, 3rd party and open-source libraries that integrate with Epiq’s products.
Job Roles and Responsibilities:
- Manage all application security initiatives for the Product Development teams.
- Collaborate in the development and implementation of specifications and configurations around application security products.
- Create proactive application security policies and procedures for scanning efforts.
- Work with Product Development and IT Security to proactively identify, troubleshoot, mitigate, and resolve security compliance vulnerabilities.
- Work closely with DevOps team to ensure application security policies are updated and integrated with software deployment solutions.
- Create and maintain up-to-date documentation.
- Proactively train Product Development and DevOps teams on the application security technologies used.
- Consult with project management and internal clients to determine project scope and timeline for project involvement.
- 2+ years work experience supporting, deploying, automating security policies and scanning efforts.
- B.S. Engineering / C.S. degree/DevSecOps, CISSP certification with equivalent experience.
- AWS/Azure Certifications desirable or related experience.
- Strong critical thinking and problem-solving skills that relate to application security.
- Strong initiative and ability to work with minimal supervision.
- Ability to quickly learn and support new applications and technologies from an application security perspective.
- Demonstrable knowledge of scripting and automating.
- Linux/Windows and other open-source OS and applications.
- Ability to stay current with emerging security scanning technologies.
- Strong communication and team interaction skills.
- Knowledge of the OWASP Top 10 and understanding of defensive coding techniques.
- Working with Agile and SDLC Product Development Teams.
- Working with IT Security Operations.
- Vendor relationship management.
- Strong scripting skills.
- Security Automation.
Knowledge & Skills:
- SOC2 and other Audit Risk and Compliance protocols.
- SAST, DAST, SCA, IAST.
- PowerShell/Linux shells.
- Windows and Linux operating systems.
- Multiple programming languages – .NET, C++ and Java.
- Ansible, Terraform.
- Cloud technologies (Azure/AWS).
- Solid application to networking/infrastructure knowledge.
- 3rd Party scanning software.
- Azure/AWS experience.