Secure DevOps Engineering Resource
Ref No.: 22-01983
Location: Wayne, New Jersey
Overview
The individual will be responsible for oversight, maintenance, and improvement of support for Secure DevOps practices and tooling. The resource will work with application and technology teams to ensure that the vision of the Gas Power Secure DevOps practices is realized and that preventable software flaws are not introduced into production.
Scope
The resource will be responsible for supporting implementation and automation of security controls across cloud service providers, including container and Kubernetes security, open source software security, CI/CD toolchain integration, and secondary support for software security analysis.
Activities & Requirements
- Provide support and fine-tuning of tools such as container workload security, SAST, and SCA
- Implement improvements in data collection and risk scoring
- Advise technical and application teams on control implementation, automation, and results remediation
- Implement pre-production software security controls, integrating into CI/CD and Secure DevOps practices
- Support any technical issues as they arise
Desired Characteristics
- At least 3 years of software security analysis, control implementation, and results consulting with application teams across commercial, open source, and custom development, using modern software development frameworks, including Java. Experience with an additional framework (NodeJS, Python, .Net) would set a candidate apart.
- At least 2 years of engineering and support experience for containers (Docker/K8s/EKS/AKS)
- At least 2 years of engineering and support in a mature cloud-based (AWS and/or Azure preferred) Secure DevOps architecture
- Strong experience developing and customizing solutions and/or scripting automation for DevOps or cloud technology, optimally including solutions such as inline field-level encryption
- Experience working with agile methodologies and deliverables
Deliverables
- Implement an operations plan for the key technology noted above, working with key application teams and Gas Power Enterprise Vulnerability Management teams
- Provide detailed analysis of serverless software development capabilities in AWS and Azure
- Timely resolution of support issues as they arise
- Raise awareness of secure development best practices with internal security champions
- Improve documentation for key controls and standards