As a DevSecOps Engineer, you are part of a dedicated business and technical team responsible for delivering a cloud based, scalable, fault-tolerant, modernized business systems. Your mission is to design and implement a DevSecOps solution, including ensuring end-to-end automation of CI/CD pipeline. You will apply Agile best practices to collaborate and participate in creating user stories for test cases to ensure the delivery of solutions.
As a DevSecOps Engineer, it’s not just the technical skills you bring to solve technical problems, it is the mindset you bring to be part of a great team undertaking digital transformation. You must be pragmatic, results-driven and able to articulate complex security concepts to all audiences, ranging from technical contributors (inside and outside the company) to executive leadership. The Standard is on a multi-year program to modernize key infrastructure and business systems. These programs are in flight now and we are looking for an team member who is a security thought leader, consensus builder and a strong player & coach and builder of teams.
What You’ll Do:
- Engineer, Implement, and support public cloud security services such as:
- “Secure by default” functionality in CI/CD pipelines
- Ensure the implementation of monitoring, and infrastructure management in a cloud environment
- Participate in developing, implementing, and enforcing policies and procedure to enhance system security (i.e., Data protection processes and functionality, security and compliance monitoring, and infrastructure and application vulnerability management)
- Maintain highly available and resilient applications in a production environment
- Implement best practices based on industry frameworks such as OWASP Top 10
- Implement and maintain automation to support deployment and updates to security policies.
- Provide accurate and up-to-date information on all cloud services and serve as a consultant on how to solve business use cases.
- Ensure that solutions are deployed and consumed in a secure manner.
- Assist in determining the direction of current and future developments in the DevSecOps strategy.
- Work across development and operational environments.
- Stay abreast of software testing technologies and best practices.
Who We Want:
The candidate will be expected to advise and implement security technologies into a modern DevOps organization and instill a culture of security in the development of insurance products, technology infrastructure and services. We are looking for a technical player & coach with a demonstrated track record of:
- Communicating effectively to achieve alignment both within and without the immediate team
- Expert knowledge of Cloud security principles
- Ability to multitask and remain flexible to changing strategies and re-prioritized tasks
- Building secure infrastructures as code including microservice architectures
- Programming with scripting languages (i.e., Python, awscli, Bash, JSON, etc.)
- Executing on SOA principles
- Working knowledge of token-based authentication technologies (OAuth, OpenID Connect)
- Expert DevSecOps and secure coding practices
- Strong network and infrastructure security knowledge
- In depth Azure security functionality
- Cloud security and DevSecOps expertise is required
Strong Candidates Will Have:
- Modern technologist and thinker experience. Views security as an enabler, not an inhibitor to innovation.
- Experience solving identify and access management needs in networks and systems based on cloud infrastructure (AWS, GCP, Azure) and traditional enterprise environments (IT, endpoints, business apps).
- Experience building core IAM capabilities to include: IGA, PKI, UBA, password vaulting, MFA, and SSO.
- Values team building; coaching, mentoring and training a team.
- Humble, hardworking, forward-thinking values.
- Clear and concise communication abilities.
- General Security Industry Certifications (e.g. CISSP, CCSP).
- Secure Cloud and/or DevOps Certification (e.g. GWEB, GCSA).