Overview
On Site
Full Time
Skills
Risk Assessment
Database
Cloud Computing
Risk Management
Vendor Relationships
Procurement
Information Security
Security Policy
Design Review
Jenkins
Software Development
Threat Modeling
Git
Workflow
GitHub
Scripting
Python
Bash
Groovy
Terraform
Testing
SCA
OWASP
Docker
Orchestration
Kubernetes
Cloud Security
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
Software Security
PCI DSS
Regulatory Compliance
Security Controls
System Security
Management
Nexus
Incident Management
Continuous Integration
Continuous Delivery
Security Architecture
FedRAMP
Cyber Security
NIST SP 800 Series
NIST 800-53
ISO/IEC 27001:2005
Privacy
Teamwork
Communication
DevOps
DevSecOps
IT Service Management
Innovation
Collaboration
Recruiting
Insurance
Finance
Professional Development
Training
Leadership
CompTIA
Customer Service
Career Counseling
Apex
Oracle Application Express
Job Details
Job#: 3010816
Job Description:
Description:
The Role
As a DevSecOps Information Security Architect you will be responsible for conducting security risk assessments along with designing, implementing, and maintaining robust security architectures specifically targeting DevSecOps in coordination with the Lumen business owners, the Governance, Risk, and Compliance team, and the Product and Platform Security team. The purpose is to ensure compliance with corporate policy, standards, procedures, and industry best practices. You will collaborate with cross-functional teams to design and implement security solutions that align with industry best practices and compliance standards.
The Main Responsibilities
Lead assessments of potential risks across enterprise and product infrastructure to include applications, databases, cloud, networks, and provide security requirements and recommendations for risk mitigation.
Develop and design new security solutions that reduce risk and align business requirements with security standards, particularly focusing on CI/CD pipeline integration.
Supports vendor relationships; leads vendor reviews through RFx process, working with Procurement and appropriate business partners on requirements and success criteria.
Consult as a DevSecOps security subject matter expert with architects, engineers, third parties and others on potential solutions.
Recommend new DevSecOps-oriented information security systems and controls to mitigate emerging threats and risks across the company.
Ensure reports and findings are delivered in a timely and appropriate manner to management, operations, and executive leadership.
Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
Coordinate activities across multiple departments and business units, emphasizing DevSecOps principals and practices.
Stay up-to-date with emerging security trends, vulnerabilities, and best practices, and recommend adjustments to security strategies as needed.
Section Title: What We Look For in a Candidate
What We Look For in a Candidate
10+ years of relevant experience, including threat modeling, security design reviews, and security architecture
Experience with CI/CD pipelines, such as Jenkins, Azure DevOps Pipelines, AWS CodeBuild, and GitHub Actions, including pipeline configuration, scripting, and security stage management.
Extensive knowledge of secure software development principles and threat modeling. Ability to guide and enforce secure coding practices throughout the development lifecycle.
Proficient use of Git-based workflows, including branch management, code reviews, and integrating security checks into pull requests. Understanding of core GitHub security features such as branch protection rules and GitHub Actions secrets management.
Skilled in scripting languages such as Python, Bash, or Groovy for automating security tasks and pipeline operations. Experienced with Infrastructure-as-Code tools like Terraform and Application Deployment tools like Helm. Ability to write custom plugins or integrations to extend CI/CD functionality.
Knowledge of integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools into CI/CD pipelines using an enterprise-wide approach. Experience with tools such as SonarQube, Checkmarx, OWASP ZAP, Snyk, or other security scanners.
Proficiency in containerization technologies, such as Docker, and orchestration platforms, like Kubernetes, with an emphasis on securing container images and runtime environments. An understanding of cloud security best practices within environments including AWS, Azure, or Google Cloud Platform, particularly concerning application security and CI/CD processes.
Understanding of regulatory frameworks (such as NIST, FedRAMP, PCI-DSS) and embedding necessary security and compliance controls into the CI/CD process. Capability to document and maintain security controls within System Security Plans (SSPs) or similar governance documents.
Experience in managing build artifacts with tools such as Nexus or Artifactory. Proficient in integrating dependency scanning and ensuring the integrity of build outputs.
Ability to implement monitoring within CI/CD pipelines to detect security anomalies or breaches. Familiarity with logging, alerting, and automated incident response within CI/CD contexts.
Experience with security architecture and deployment models.
Experience with securing highly sensitive data.
Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), NIST 800-171, NIST 800-53, ISO 27001-27002 and other applicable security and privacy laws.
Strong teamwork and communication skills to collaborate with development, operations, and security teams. Ability to instill a security-first mindset throughout the organization.
Commitment to stay up to date with emerging DevSecOps trends, security vulnerabilities, and new tools that can enhance pipeline security. Willingness to experiment with and adopt innovative solutions to improve security posture.
Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.
Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.
Job Description:
Description:
The Role
As a DevSecOps Information Security Architect you will be responsible for conducting security risk assessments along with designing, implementing, and maintaining robust security architectures specifically targeting DevSecOps in coordination with the Lumen business owners, the Governance, Risk, and Compliance team, and the Product and Platform Security team. The purpose is to ensure compliance with corporate policy, standards, procedures, and industry best practices. You will collaborate with cross-functional teams to design and implement security solutions that align with industry best practices and compliance standards.
The Main Responsibilities
Lead assessments of potential risks across enterprise and product infrastructure to include applications, databases, cloud, networks, and provide security requirements and recommendations for risk mitigation.
Develop and design new security solutions that reduce risk and align business requirements with security standards, particularly focusing on CI/CD pipeline integration.
Supports vendor relationships; leads vendor reviews through RFx process, working with Procurement and appropriate business partners on requirements and success criteria.
Consult as a DevSecOps security subject matter expert with architects, engineers, third parties and others on potential solutions.
Recommend new DevSecOps-oriented information security systems and controls to mitigate emerging threats and risks across the company.
Ensure reports and findings are delivered in a timely and appropriate manner to management, operations, and executive leadership.
Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
Coordinate activities across multiple departments and business units, emphasizing DevSecOps principals and practices.
Stay up-to-date with emerging security trends, vulnerabilities, and best practices, and recommend adjustments to security strategies as needed.
Section Title: What We Look For in a Candidate
What We Look For in a Candidate
10+ years of relevant experience, including threat modeling, security design reviews, and security architecture
Experience with CI/CD pipelines, such as Jenkins, Azure DevOps Pipelines, AWS CodeBuild, and GitHub Actions, including pipeline configuration, scripting, and security stage management.
Extensive knowledge of secure software development principles and threat modeling. Ability to guide and enforce secure coding practices throughout the development lifecycle.
Proficient use of Git-based workflows, including branch management, code reviews, and integrating security checks into pull requests. Understanding of core GitHub security features such as branch protection rules and GitHub Actions secrets management.
Skilled in scripting languages such as Python, Bash, or Groovy for automating security tasks and pipeline operations. Experienced with Infrastructure-as-Code tools like Terraform and Application Deployment tools like Helm. Ability to write custom plugins or integrations to extend CI/CD functionality.
Knowledge of integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools into CI/CD pipelines using an enterprise-wide approach. Experience with tools such as SonarQube, Checkmarx, OWASP ZAP, Snyk, or other security scanners.
Proficiency in containerization technologies, such as Docker, and orchestration platforms, like Kubernetes, with an emphasis on securing container images and runtime environments. An understanding of cloud security best practices within environments including AWS, Azure, or Google Cloud Platform, particularly concerning application security and CI/CD processes.
Understanding of regulatory frameworks (such as NIST, FedRAMP, PCI-DSS) and embedding necessary security and compliance controls into the CI/CD process. Capability to document and maintain security controls within System Security Plans (SSPs) or similar governance documents.
Experience in managing build artifacts with tools such as Nexus or Artifactory. Proficient in integrating dependency scanning and ensuring the integrity of build outputs.
Ability to implement monitoring within CI/CD pipelines to detect security anomalies or breaches. Familiarity with logging, alerting, and automated incident response within CI/CD contexts.
Experience with security architecture and deployment models.
Experience with securing highly sensitive data.
Demonstrate knowledge of security technologies, trends, leading practices, and regulatory requirements and government security standards such as FedRAMP and Controlled Unclassified Information (CUI) standards, along with best practices such as NIST Cybersecurity Framework (CSF), NIST 800-171, NIST 800-53, ISO 27001-27002 and other applicable security and privacy laws.
Strong teamwork and communication skills to collaborate with development, operations, and security teams. Ability to instill a security-first mindset throughout the organization.
Commitment to stay up to date with emerging DevSecOps trends, security vulnerabilities, and new tools that can enhance pipeline security. Willingness to experiment with and adopt innovative solutions to improve security posture.
Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.
Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.