DevSecOps architects help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes, and tools. This TalentCloud is seeking experts who can build automation/infrastructure as code to enforce cloud infrastructure security.
- Experts should be able to automate security processes into the CI/CD pipeline
- Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation
- Build and maintain DevSecOps pipelines to adopt a shift-left paradigm for security testing (SAST, DAST, IAST, RASP, etc.)
- Develop and promote best practices for DevSecOps and secure CI/CD
- Help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes, and tools
- Build automation/infrastructure as code to enforce cloud infrastructure security. You will automate security processes into the CI/CD pipeline
- Stay up-to-date on new security tools & techniques, and act as a driver of innovation and process maturity
- Conduct research and evaluate new DevSecOps platforms, components, tools, and processes for new projects and ongoing initiatives
- Collect security-related metrics and increase security visibility across the organization
- Deploy and manage security tools to cloud infrastructure platforms such as Google Cloud or AWS, through automation using infrastructure-as-code principles
- Work with teams to bring continuous improvement to DevSecOps processes and tools
- Build DevSecOps reference architectures, and own the technical engagement and ultimate success of specific DevSecOps implementation projects
- Leverage Security Solution Architecture standards and frameworks to provide security guidance to the business partners and project teams from a specific business segment, with the goals of maturing and improving the overall security posture of the segment and cultivating a segment-wide culture of security awareness
- Help manage and reduce security risks by developing global security controls to integrate into our DevOps pipelines
- Establish current and long-term direction, driving the change to a DevSecOps culture
- Develop global policies and standards, provide security guidance on infrastructure designs, and conduct risk assessments
- Lead, define and map digital architecture processes for designing large scale DevSecOps pipelines
- Coordinate DevOps security to assist IT teams in delivering secure infrastructure solutions, providing security recommendations and requirements
- Ensure prevention and good management of technical, legal, and human security-related risks by developing and proposing improvements to security policies, guidelines, and standards with a global mindset
- Perform and participate in technical vulnerability assessments of systems currently in place in addition to security evaluations
- Create and maintain standards and documentation related to security processes, procedures, and infrastructure
- Participate in the implementation or deployment of new tools, processes, and best practices in order to improve knowledge sharing and raise the security level while promoting security awareness
- Communicate efficiently while delivering security needs and validating that appropriate security measures are in place
Required Skills
- Experience as a full-stack developer, with hands-on experience in DevSecOps practices
- Experience with CI/CD tools such as GitLab, Jenkins, Nexus, Artifactory
- Experience with software security, secure coding, or software assurance tools and techniques
- Demonstrated skill with one or more configuration management/scripting technologies such as Ansible, Chef, Puppet
- Experience with tools and technologies used throughout secure SDLC (e.g. Fortify, Checkmarx, Veracode, WhiteSource, Blackduck)
- Proven track record of securely architecting and owning cloud platforms such as AWS, GCE, Azure using infrastructure-as-code techniques
- Experience with Linux Containers (Docker), Kubernetes, and deployment of containerized applications/microservices architectures
- Experience in Information Security, Networking or Security Risk Management
- Knowledge of Agile & DevOps methodologies
- Experience with Cloud Security (AWS, GCS, Azure)
- Must have strong analytical skills and deep security subject matter expertise across platforms
- Exercise critical thinking in identifying external trends in information security threats and correlating to internal activity
- Hands-on experience in implementing security controls and agile, DevOps & DevSecOps delivery methodologies
Preferred Skills
- Experience developing software or scripting with Java, Python, etc.
- Certifications: one or more of the following: CISSP, CISM, CRISC, GSEC
- Experience with ISO 27001-2, NIST 800-53, or other controls standards
- Solid knowledge of industry standards (ISO27002, PCI Compliance, NIST/DISA)
- Advanced knowledge of Application Security Architectures and Guidance