DevSecOps Security Architect
Posted on Sep 24, 2021 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*
A prestigious Fortune 500 company is currently seeking a DevSecOps Security Architect. The candidate serves as the senior-most expert within the Information Security discipline. Unlike traditional security functions, the Security Architect demonstrates firm competence in evaluating security strengths and weaknesses across the broader enterprise, aligning to risk appetite, business requirements, and security control objectives.
This opportunity is focused primarily on the DevSecOps space and related technologies; as such, the ideal candidate will offer extensive end-to-end expertise in the security hardening of technologies and services related to this focus.
- Security Consultation: Represent Information Security for IT projects and solutions
- Security Analysis and Guidance: Work with Architects and Infosec members to continuously benchmark company security posture, capability and maturity against industry benchmarks.
- Security Standards and Solutions: Working with Architects and SMEs, establish security standards to prevent later re-work while driving maturity, efficiency and effectiveness.
- Demonstrated experience in driving security maturity, effectiveness, automations, standardization, and efficiency across DevSecOps environments.
- 9+ years of IT Security experience. Industry certifications are highly desired (e.g., CISSP, CCSP, CISSP/CCSK, or other vendor-specific offerings).
- Highly technical and analytical expertise, with a proven background in security technology design. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence.
- Cloud security expertise across leading cloud providers such as Amazon AWS, Microsoft Azure, and Google Cloud.
- Understanding of containers (e.g., Docker), container orchestration technologies (e.g., Docker Swarm, Kubernetes), and microservices architecture.
- Understanding of CloudFormation, Terraform, Ansible, Jenkins, and other Infrastructure as Code solutions.
- Understanding of vulnerability management and secure development tools such as SAST, DAST, IAST, and SCA. Experience incorporating these offerings into CI/CD pipelines.
- Proficiency in frameworks such as MITRE ATT&CK and OWASP ASVS with the ability to articulate implications to the Development teams and DevSecOps environment.
- Understanding of OIDC/OAuth/SAML architecture and use patterns.
- Experience or background in NIST, ISO27001, NICE or other security-related control frameworks.
- Ability to script in Python, Bash, Perl or PowerShell is ideal.