Must / Activities and Responsibilities

Provide support and fine tuning of tools such as container workload security, SAST, and SCAImplement improvements in data collection, risk scoring
Advise technical and application teams on control implementation, automation, and results remediation
Implement pre-production software security controls, integrating into CI/CD and Secure DevOps practices
Support any technical issues as they arise
Desired Characteristics
At least 3 years software security analysis, control implementation and results consulting with application teams both commercial, open source and custom development with modern software development frameworks, including Java. The addition of another framework - NodeJS, Python, .Net - would set a candidate apart.
At least 2 years engineering and support experience for containers (Docker/K8s/EKS/AKS),
At least 2 years engineering and support in a mature cloud (AWS and/or Azure preferred) based Secure DevOps architecture
Strong experience developing and customizing solutions and/or scripting automation for DevOps or Cloud technology Optimally including solutions such as inline field level encryption
Experience working with agile methodologies and deliverables
Responsibities
Implementing an operations plan for key technology noted above, working with key application teams and Gas Power Enterprise Vulnerability Management teams
Provide detailed analysis of serverless software development capabilities in AWS and Azure
Timely resolution of support issues as they arise
Raise awareness on secure development best practices with internal security champions
Improve documentation for key controls and standards

Details Job Responsibilities

Overview
Individual will be responsible for oversight, maintenance, and improvement of support for secure devops practices and tooling. Resource will work with application and technology teams to ensure the vision of the Gas Power Secure DevOps practices is realized, and preventable software flaws are not introduced into production.

Scope
Resource will be responsible for supporting implementation and automation of security controls across cloud service providers, including containers & Kubernetes security, open source software security, CI/CD toolchain integration and secondary support for software security analysis.