DevSecOps Engineer


  • Job ID:

    1664
  • Pay rate range:

    $55 - $65
  • City:

    Philadelphia
  • State:

    Pennsylvania
  • Duration:

    01/28/2019 - 01/28/2020
  • Job Type:

    Contract
  • Job Description

    DevSecOps Engineer / Software Security Engineer

     

    This key role is part of our clients Digital Infrastructure Engineering and Operations team. The ideal candidate will work internally with App/Dev/Platform teams and externally with their global security teams to ensure application and system security. This includes helping and guiding application development and platform teams to develop application with utilization of security best practices from ground up, implementing secure coding practices, helping security maturity in on premise and at public cloud environment being established in AWS/Azure to ensure security considerations are implemented and met for best practices.

     

    Key Functions:

    • Perform security assessment and compliance activities by using assessment tools and procedures
    • Facilitate implementation and execution of static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and also work with application and internal teams for to ensure secure coding practices are implemented
    • Lead and respond to security-related incidents. Provide a thorough post-incident analysis including steps to minimize/remediate and fix the impact
    • Develop strategies to respond to and recover from a security breach
    • Investigate security breaches by conducting a technical and forensic investigation into how the breach happened and the extent of the damage
    • Participate and help facilitate Threat modelling workshops
    • Participate in security architecture review (SAR) / application security assessments to ensure all security design best practices and standards are met
    • Support the research of emerging technology, requisite security requirements, and emerging threats and develop way-forwards to meet organizational goals
    • 1-2 years' experience in Cloud Security with exposure to AWS / Azure Native Security
    • Familiarity and exposure to Network Security, Operating System Security, Web Security and End Point Security
    • Good understanding and familiarization with data encryption
    • Assist in evaluation, selection and implementation of encryption solutions and key management systems

     

    Qualification:

    • Proficient at the secure software development lifecycle and DevSecOps
    • Deep understanding of OWASP and SANS top vulnerabilities
    • Good understanding of identity, authentication and authorization systems
    • Good understanding of cryptographic trust based systems
    • Cloud security knowledge preferred
    • Data and database security
    • Knowledgeable in Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAUTH, Fido knowledge preferred
    • Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
    • Coding / Scripting experience required
    • Security expertise in one or more relevant areas
    • Proficient in using some of these Tools: SAST/DAST (Coverity, Fortified, IBM AppScan, Veracode, BurpSuite, Web Inspect), Wireshark, MobSF pen-testing framework, Needle, Inspeckege, Drozer etc, Code Repository (GitHub, TFS), Configuration mgmt. (Ansible, Terraform, AWS Cloud Formation)

     

    Experience

    • 10+ years of experience in security and technology based industry
    • 5 years of experience working with various security architectures
    • Industry Recognized Certifications in Security (a plus)
    • Certified Ethical Hacker CEH (preferred)
    • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Licensed PEN Tester (LPT), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP)

     

    Education:

    • Bachelor's Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering

    #PCIT

Find and apply to
jobs on the go


Take our free app with you anywhere. Enter your phone number and we’ll send you the download link.

flag +1
mobile