Posted on Oct 22, 2021 by Request Technology
*We are unable to sponsor as this is a permanent full time role*
A prestigious fortune 500 company is on the search for a DevSecOps Architect. This architect will need to have extensive experience with cloud security across AWS, Azure, and Google Cloud. They need to have a great understanding of Containers such as Docker and Kubernetes. Also needed is experience with DevSecOps environments and familiarity with industry leading security frameworks.
- Security Consultation: Represent Information Security for IT projects and solutions
- Security analysis and guidance: Work with Architects and Infosec members to continuously benchmark company security posture, capability and maturity against Industry benchmarks.
- Security Standards and Solutions; working with Architects and SMEs, establish security standards to prevent later re-work while driving maturity, efficiency and effectiveness.
- Demonstrated experience in driving security maturity, effectiveness, automations, standardization, and efficiency across DevSecOps environments.
- 9+ years of IT Security Experience. Industry certifications are highly desired (ie CISSP, CCSP, CISSP/CCSK, or other vendor-specific offerings)
- Highly technical and analytical expertise, with a proven background in security technology design. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence.
- Cloud security expertise across leading cloud providers such as Amazon AWS, Microsoft Azure, and Google Cloud
- Understanding of containers (eg, Docker) and container orchestration technologies (eg, Docker Swarm, Kubernetes), and microservices architecture
- Understanding of CloudFormation, Terraform, Ansible, Jenkins, and other Infrastructure as Code solutions.
- Understanding of vulnerability management and secure development tools such as SAST, DAST, IAST, and SCA. Experience incorporating these offerings into CICD pipelines.
- Proficiency in frameworks such as MITRE ATT&CK and OWASP ASVS with the ability to articulate implications to the Development teams and DevSecOps environment.
- Understand OIDC/OAuth/SAML architecture and use patterns.
- Experience or background in NIST, ISO27001, NICE or other security-related control framework.
- Capable of Scripting in Python, Bash, Perl or Powershell ideal.