Join a fast-paced DevOps team that is responsible for all of our AWS cloud infrastructure and implement security automation throughout our infrastructure and SDLC. The role is responsible for securely implementing business and technical requirements of various teams within the organization while maintaining regulatory compliance with programs such as NIST, SOC2, and PCI.
The Senior DevSecOps Engineer adheres to standards, best practices, and internal processes and procedures, however, will also shape change, bringing both enhanced security and innovation to our systems. A “fail fast” approach is encouraged. The Senior DevSecOps Engineer will lead the current security initiatives (HashiCorp Vault, mutual TLS, SSO) to ensure our systems are robust, auditable, and resistant to external and internal threats of all types.
Engineers joining Information Technology Organization can expect to enjoy a culture embracing the concepts of Continuous Delivery, Total Quality Management, Knowledge Sharing, Personal and Career Advancement, Empowerment, Innovation, and Collective Ownership.
Duties & Responsibilities
Be the Subject Matter Expert of the technical requirements in compliance programs. (NIST, SOC2, PCI)
Collaborate with InfoSec to identify security improvements and develop a roadmap to implement the improvements using automation and DevOps tools.
Build and maintain HashiCorp Vault infrastructure and integrations.
Develop and maintain client libraries to integrate DevSecOps tools.
Develop Sentinel policies for HashiCorp Terraform.
Maintain, mature, and audit security processes in our code and infrastructure.
Automate and codify supporting security systems in all phases of the SLDC.
Participate in compliance audits as security SME.
Mentor junior team members and co-workers on security best practices.
Work and collaborate effectively in a geographically dispersed team.
Create and document standardized processes, procedures and policies.
Keep up to date on DevSecOps trends and best practices.
May need to work off-hours in response to production issues or high impact system changes
Requirements
Demonstrated AWS experience and/or AWS Associate Level Certification
Experience with AWS security and infrastructure best practices.
Experience with compliance programs such as NIST, SOC2, and/or PCI.
Experience with Kubernetes and securing container workloads.
Experience with the infrastructure automation tools HashiCorp Terraform and AWS CloudFormation.
Experience with security automation tools like HashiCorp Vault, AWS KMS, SSM, Secrets Manager, AWS Inspector.
Experience with a programming language such as python, nodejs, go, c# or java
Experience with networking concepts, terminology, and configuration
Experience with PKI infrastructure, authentication protocols like OIDC, OAuth, and SAML.
The ability to communicate with technical and non-technical co-workers, at all levels of the org chart
Flexibility. There are multiple Teams, all working on separate projects and individual schedules. The Technology Team often has to respond to incidents (system crashes, network outages, performance spikes) and juggle priorities, all while making steady, reportable progress on sprint objectives
Willingness to speak openly, honestly, and professionally in planning meetings, then accept the decision of the group (or group leader) and lean in with the Team to accomplish the set task
Recommended
AWS Professional level certification or Security Specialty certification
Demonstrated Systems Administration ability on both Windows and Linux
Experience with Active Directory and AD Group Policies
Some knowledge of different database platforms especially as implemented in the AWS cloud, and the SQL language