Resource will be responsible for supporting implementation and automation of security controls across cloud service providers, including containers & Kubernetes security, open source software security, CI/CD toolchain integration and secondary support for software security analysis.
Activities & Requirements
- Provide support and fine tuning of tools such as container workload security, SAST, and SCA
- Implement improvements in data collection and risk scoring
- Advise technical and application teams on control implementation, automation, and results remediation
- Implement pre-production software security controls, integrating into CI/CD and Secure DevOps practices
- Support any technical issues as they arise
Desired Characteristics
- Software security analysis, control implementation and results consulting with application teams across commercial, open source and custom development, with modern software development frameworks, including Java. The addition of another framework (NodeJS, Python, .Net) would set a candidate apart.
- Engineering and support experience for containers (Docker/K8s/EKS/AKS)
- Engineering and support in a mature cloud-based (AWS and/or Azure preferred) Secure DevOps architecture
- Strong experience developing and customizing solutions and/or scripting automation for DevOps or Cloud technology, optimally including solutions such as inline field-level encryption
- Experience working with agile methodologies and deliverables
Responsibilities
- Implementing an operations plan for key technology noted above, working with key application teams and Enterprise Vulnerability Management teams
- Provide detailed analysis of serverless software development capabilities in AWS and Azure
- Timely resolution of support issues as they arise
- Raise awareness on secure development best practices with internal security champions
- Improve documentation for key controls and standards