Senior DevSecOps Cybersecurity Engineer

  • Cox Communications
  • Spring Valley, NV

Full Time

    Job Description

    Senior DevSecOps Security Engineer

    Cox Communications is looking for a Senior DevSecOps Security Engineer who will report to the Manager, DevSecOps.

    Are you experimentation-driven, bold, result-oriented, and customer-focused? Do you want to help drive the adoption of security controls in the delivery pipeline? Are you excited to implement automated security solutions that will enable development teams to deploy secure software?

    As a member of the DevSecOps Team, you will have the opportunity to pioneer security architectures supporting the ability to deliver secure software. You will collaborate with security, development, operations, and infrastructure teams to build and implement automated security solutions that enable the "shift left" culture.

    What You'll Do

    • Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines.
    • Identify security gaps in DevSecOps architectures and toolchains and recommend enhancements.
    • Provide technical leadership to security, infrastructure, engineering, development, and business teams.
    • Assist with development of the DevSecOps strategy and roadmap across people, process, and technology.
    • Build relationships with development and operations teams and provide guidance on vulnerability remediation.
    • Perform upgrades and drive deployment of security solutions.
    • Create key performance indicators that track the progress and effectiveness of the DevSecOps program.
    • Design security compliance metrics that align with DevSecOps requirements and assist with driving enforcement.
    • Assist with triaging potential security incidents.
    • Assist with cybersecurity escalations and change management.
    • Create runbooks and document policies and procedures.
    • Work with vendors and maintain relationships.
    • Remain current with new cybersecurity trends, threats, and disruptive solutions and make recommendations to leadership.


    What's In It For You?

    Really good question, and we have some good answers that we hope you like.

    • We want you to feel cared for and respected (like you do with our customers), and that starts with Cox's highly competitive pay plus other compensation perks (401k + company matching, comprehensive medical benefits, etc.). We also offer discounted Cox services (in specific Cox markets), tuition reimbursement for academic pursuits, adoption assistance, paid time off to volunteer, childcare and eldercare resources, pet insurance and much more.
    • Good work should be rewarded, and not just with a healthy paycheck. The Cox culture is one that values people more than technology, so it's our goal to make sure you feel recognized for your contributions. It's also important to work alongside colleagues who "get you." At Cox, you'll find a workplace where relationships are crafted with care and successes are celebrated with high fives. We strive to create an environment where you can do you, and everyone from leadership to new hires can support and feel supported.
    • Growth is a good thing, and you'll have opportunities to learn and train so you can sharpen your skills and explore opportunities across the Cox family of businesses that will continue to challenge and empower you. In the future, you may have the opportunity to cultivate customer relationships in other sectors where we operate like cleantech, health care and new forms of transportation mobility.


    Who You Are

    Here is a list of the necessities for the job, as well as some "preferred" qualities that we hope you have as well:

    Minimum:

    • BA/BS in Computer Science, IT or a related field and 6 or more years of experience in related field, OR MS degree in a related field and 4 years related experience, OR PhD and 1 year experience in related field.
    • Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, Google Cloud Platform, VMware).
    • Deep experience within DevOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitLab, etc.
    • Experience with containers, enterprise container orchestration, and related tools such as Docker, Rancher, Kubernetes, and public cloud container services.
    • Understanding of security automation within DevOps and CI/CD processes including vulnerability identification and management.
    • Experience building and deploying infrastructure-as-code (IaC) and related tools such as Ansible, Terraform, Open Policy Agent.
    • Experience with creating regular expressions (regex), writing scripts in Python or Bash, and interacting with APIs.
    • Understanding of OWASP Top 10, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
    • Good verbal and written communication skills needed to communicate complex problems, including root cause, to both technical and non-technical audiences.
    • Strong collaboration skills to effectively develop consensus and understanding among cross-functional teams on key security risks and vulnerabilities.
    • Ability to work under pressure, reprioritize, and adjust to changes in direction and deadlines.
    • Ability to balance multiple high priority projects and complete on time with minimal supervision.


    Preferred:

    • Experience integrating security solutions into CI/CD workflows and toolsets.
    • Experience with cloud workload protection platforms (CWPP) such as Palo Alto Prisma Compute, Aqua, etc.
    • Experience with SAST, DAST, secret scanning, and/or secrets management solutions such as Veracode, Snyk, Gitleaks, HashiCorp Vault.
    • Experience securing the software supply chain including implementation of appropriate controls across the SDLC and managing change along the way.
    • Big Four consulting background or Fortune 500 company experience.
    • Telecom/Cable industry experience.
    • At least one relevant security-focused certification - CISSP, CCSP, CKS, GCSA.


    Join the Cox family of businesses and make your mark today!

    USD 105,700.00 - 176,100.00 per year

    About Cox Communications

    Cox Communications is the largest private telecom company in America, serving six million homes and businesses. That's a lot, but we also proudly serve our employees. Our benefits and our award-winning culture are just two of the things that make Cox a coveted place to work. If you're interested in bringing people closer through broadband, smart home tech and more, join Cox Communications today!

    About Cox

    Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!

    Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.

    Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.

    Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.