Sr. DevSecOps Engineer

at  ISG Search Inc

Sr. DevSecOps Engineer

Must Have:

• Must have 5+ years of experience working in Agile development, application security, orDevOps role, with experience in the following technologies:
• Containers (Docker, Kubernetes, or similar)
• Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
• Continuous integration (Jenkins, Bamboo, Hudson, or similar.)
• Integration of Security testing tools into pipeline
• Defect tracking (Jira, Bugzilla, ServiceNow , or similar.)
• Source code management (GitLab, GitHub, BitBucket, or similar.)
• QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)
• Application security testing tools (SAST, DAST, IAST, OSA, or similar.)
• Cloud environment (GCP, AWS, Azure,or similar)
• Must have 3+ years of experience in all of the following:
• Developing enterprise applications or scripts (writing code)
• Demonstrated ability to learn and adapt to different CI/CD systems and leverage them for automation as needed
• Performing manual application penetration testing
• Performing manual security code reviews
• Must hold or obtain within one year of hire or promotion one of the following certifications: CISM, GIAC, Open Group Certified Architect, CEH, CISSP.

Our client is…

• A global full-service digital consultancy firm. Their global team is dedicated to delivering seamlessly integrated strategies, immersive user experiences, cross-platform development, deployment, training, and ongoing support. They have a results-focused approach which allows them to understand the client needs, shape digital strategies, and forge a path to deliver business success.

Responsibilities:

• Provide technical leadership with respect to the development and execution of our key application security service offerings, including: conducting assessments of applications (web, cloud, mobile) using range of manual and automated penetration testing and source code review techniques;
• performing security architecture reviews of applications in design and production phases;
• identifying potential threats and attacks to applications systems through threat modeling;
• identifying security recommendations and aligning them to appropriate risk ranking systems;
• evaluating, developing; conducting the above with a specific focus on DevSecOps.
• Use current technology and tools to enhance the effectiveness of deliverables and services.

• Provide technical leadership with respect to the development and execution of our key application security service offerings, including: conducting assessments of applications (web, cloud, mobile) using range of manual and automated penetration testing and source code review techniques;
• performing security architecture reviews of applications in design and production phases;
• identifying potential threats and attacks to applications systems through threat modeling;
• identifying security recommendations and aligning them to appropriate risk ranking systems;
• evaluating, developing; conducting the above with a specific focus on DevSecOps.
• Use current technology and tools to enhance the effectiveness of deliverables and services