DevSecOps Consultant

Location: Irvine, California, United States
Salary: competitive
Sectors: Cloud
Job Type: Contract

This role requires a highly motivated and experienced leader focused on building security-by-design into the DevOps lifecycle through the deployment of security services, policy-driven development, compliance-as-code, API-first, and organizational alignment. A deep understanding of offensive security capabilities and the ability to help build a mindset of security into an organization's culture and technical environments are core to this role.

Responsibilities

  • Establishing alignment and fundamental understanding of DSO concepts and nomenclature across individuals and teams
  • Creating content and building out an intranet website that will be central to the DSO guild, both for training on the organization's security policies and processes and for moving towards "Pull not Push" for vetted artifacts
  • DSO evangelism and maturing and scaling the DSO transformation
  • DevSecOps Framework and "Guardrails"
    • Implement Shared Responsibility Model
    • Build Security-by-Design Pipeline
      • API-First, Policy-Driven Development, and Compliance-as-Code
    • Security Personas, Threat Modeling, and Pipeline Security
    • Measurements, Tooling, and Best Practices
    • Extending SBD principles into builds and deployment patterns
  • Pair programming and coordination with necessary teams to develop secure APIs
  • Pair programming and coordination with necessary teams to develop bounded isolated components of network, security, and infrastructure to move to a "pull" economy
  • Lead in standardizing tooling and automating security
  • Mentor and train on embracing a "trust and verify" mindset

Requirements

  • Expert experience with DevSecOps, InfoSec, and security engineering
  • Prior demonstrated leadership and management in a cross-functional security role
  • Proven track record of developing, implementing, and integrating security-by-design, security tools and technologies, and process integrations in cloud-based architectures
  • Prior experience working with application/product development teams on design and implementation of best practices for security as code
  • Knowledge of various security development lifecycle approaches, policy-driven development, and compliance-as-code is required
  • Demonstrated experience in comparative technology reviews and analysis
  • Understanding strategic business objectives and the ability to drive results towards those objectives
  • Proven ability to work within a team environment and develop strong security engineering leaders
  • Prior experience project-managing security control implementations
  • Prior experience in a technology company working closely with product and DevOps engineers on security requirements

Technical Qualifications

  • Experience with securing DevOps toolchains and CI/CD pipelines
  • Experience with secure microservice design patterns, and securing cloud-native applications
  • Experience with standards and compliance frameworks including DAST, SAST, IAST, RASP, ISO, SANS, OWASP, NIST, SSAE SOC, ITIL, etc.
  • Excellent written, visualization, and verbal communication skills
  • Experience in how to use information security platforms to expose full functionality via APIs for automatability
  • Experience with version control practices and tools for all application software, scripts, templates, and blueprints used in DevOps environments
  • Experience with an immutable infrastructure mindset where production systems are locked down and changed via development
  • Experience with vulnerability remediation and incorporating remediations into retrospectives to continuously improve the process of inter-team security remediations
  • Ability to write stories for functional and nonfunctional requirements (like security and performance), acceptance test criteria, and threat models
  • Experience with IAM and role-based access control to provide separation of duties
  • Experience designing and implementing risk and threat models for all applications

Sthree US is acting as an Employment Business in relation to this vacancy.
