DevSecOps Engineer, Consultant

at  Blue Shield of California

YOUR WORK:

In this role, you will:

• Evaluate and analyze the existing IT infrastructure, identifying areas for improvement and security enhancement.
• Design and implement secure, scalable, and automated cloud-based solutions on Microsoft Azure to support application deployment and management.
• Advocate for DevSecOps principles and practices within the organization.
• Lead the implementation of DevSecOps practices, including continuous integration, continuous delivery, continuous testing (CI-CD-CT), and automated testing, tailored for the Azure cloud environment.
• Collaborate with software development teams to integrate security controls and best practices into the application development process and to create robust testing strategies that cover functional, security, and performance aspects.
• Develop and execute test plans, test cases, and test scripts to validate software functionality and security.
• Encourage collaboration between development, operations, and security teams.
• Maintain comprehensive documentation related to testing processes, security findings, and remediation efforts.
• Generate reports on testing results, security assessments, and risk assessments.
• Create automated test suites and pipelines.
• Implement monitoring, logging, and alerting systems to ensure the security and availability of cloud-based infrastructure.
• Manage the configuration and infrastructure as code (IaC) using tools such as Terraform, Ansible, or similar, with a strong emphasis on security.
• Conduct security assessments, vulnerability testing, and ensure compliance with industry standards and regulatory requirements.
• Work closely with stakeholders to define and enforce security policies and access controls in the Azure environment.
• Develop and maintain documentation for security processes, procedures, and configuration management.
• Continuously improve testing methodologies and security processes.

QUALIFICATIONSYOUR KNOWLEDGE AND EXPERIENCE

• Bachelor’s degree in Computer Science, Information Technology, or related field. Master’s degree in Computer Science, Information Technology preferred.
• 5+ years of experience in DevSecOps field.
• Proven hands-on experience in cloud solutions and design for secure and compliant integration of applications on Microsoft Azure.
• Solid understanding of DevSecOps principles, CI/CD pipelines, and automation tools like Jenkins, Ansible, Jira, GitLab CI, BitBucket, or Azure DevOps, with a focus on security integration and automated testing at all stages.
• Strong knowledge of scripting languages (e.g., PowerShell, Bash, Python) for automation tasks, with an emphasis on security-related automation.
• Experience in implementing and managing containerized applications using Docker and orchestration platforms like Kubernetes, with security considerations in mind.
• Familiarity with infrastructure as code (IaC) concepts and tools such as Terraform or Ansible, with a focus on security best practices.
• Proficiency in cloud security best practices and implementing them in an Azure environment.
• Excellent problem-solving skills and ability to troubleshoot security-related issues.
• Preferred experience in leading digital transformation projects and cloud migration efforts with a strong focus on security.
• Understanding of and experience with AIOps concepts and tools like Prometheus, Grafana, or ELK stack, and platforms like OpsRamp or DynaTrace, would be strongly preferred.
• Experience with performance optimization as applied to cloud infrastructure and cloud application architectures.
• Experience with a wide range of Azure products and services, in domains such as Analytics, Data Warehousing, Databases, DevOps and Cloud Management toolset, Security, Storage etc. is preferred.
• DevOps certifications, such as Microsoft Certified DevOps Engineer Expert is preferred.
• Certifications in cloud security, such as Certified Cloud Security Professional (CCSP) or equivalent is preferred.

PHYSICAL REQUIREMENTS:

Office Environment - roles involving part to full time schedule in Office Environment. Due to the current public health emergency in California, Blue Shield employees are almost all working remotely. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.

JOB DESCRIPTIONYOUR ROLE:

As a DevSecOps Engineer in IT Quality Engineering Organization, you will play a crucial role in ensuring the security and quality of software products. As part of a Center of Excellence, your primary responsibility will be to establish best practices and standards for DevSecOps methodologies, ensuring a secure and seamless transition to the cloud environment. You will lead the implementation of DevSecOps best practices, specifically tailored for Azure, and collaborate with cross-functional teams to ensure security is integrated throughout the software development lifecycle. You will also organize training and provide mentoring to help others get up to speed on DevSecOps best practices. A strong focus on cloud solutions and design will be essential to support the seamless integration of applications on Azure.

In this role, you will:

• Evaluate and analyze the existing IT infrastructure, identifying areas for improvement and security enhancement.
• Design and implement secure, scalable, and automated cloud-based solutions on Microsoft Azure to support application deployment and management.
• Advocate for DevSecOps principles and practices within the organization.
• Lead the implementation of DevSecOps practices, including continuous integration, continuous delivery, continuous testing (CI-CD-CT), and automated testing, tailored for the Azure cloud environment.
• Collaborate with software development teams to integrate security controls and best practices into the application development process and to create robust testing strategies that cover functional, security, and performance aspects.
• Develop and execute test plans, test cases, and test scripts to validate software functionality and security.
• Encourage collaboration between development, operations, and security teams.
• Maintain comprehensive documentation related to testing processes, security findings, and remediation efforts.
• Generate reports on testing results, security assessments, and risk assessments.
• Create automated test suites and pipelines.
• Implement monitoring, logging, and alerting systems to ensure the security and availability of cloud-based infrastructure.
• Manage the configuration and infrastructure as code (IaC) using tools such as Terraform, Ansible, or similar, with a strong emphasis on security.
• Conduct security assessments, vulnerability testing, and ensure compliance with industry standards and regulatory requirements.
• Work closely with stakeholders to define and enforce security policies and access controls in the Azure environment.
• Develop and maintain documentation for security processes, procedures, and configuration management.
• Continuously improve testing methodologies and security processes