Job Description –
DevSecOps (development, security and operations) LinkedIn – Face to Face Interview
Onsite- Location: Arlington, VA
This job is open again as the candidate and agency misrepresented where he lived. He is in Texas and not Virginia. So, when they asked to schedule an in-person interview, he couldn’t make it as he is really in Texas. AGAIN, CANDIDATES MUST BE LOCAL TO ARLINGTON, VA as there is an in-person interview for this job.
MUST BE LOCAL to Arlington, VA as they have to interview in-person
Candidates must have some Python scripting experience for this role. If they are not able to do any coding (actually simple scripting), they are not the right fit for this job.
The manager is the tech lead for the trading system part of the bank. Their team is integrating into the CI/CD pipelines that build and deploy applications.
They are building security into that process and integrating security testing tools into this pipeline.
Certifications (certifying the security not the person) and fixing issues to the development teams
They have automated the full process.
RECRUITERS MUST RUN THIS CHECKLIST
They want a Security DevOps Engineer with experience in DevOps processes, Jenkins, and Jenkins plugins, and in Groovy for writing scripts to help with automation.
CI/CD pipelines and technologies for deployment and automation of processes; for that they need Python. MUST HAVE PYTHON: very good in Python (7-8 years of experience in Python).
Python is used for automation. The job is about automation.
What You’ll Do:
– Collaborate with a team of engineers to implement brokerage-specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
– Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
– Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
– With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
– Support security standards, create templates and patterns to increase the efficiency and adoption of the security program.
These skills will help you succeed in this role:
– Bachelor’s degree with minimum 8 years of work experience in the IT field
– 3+ years software development experience using Java, JavaScript
– 3+ years of experience in the following:
– OWASP Secure Coding Practices
– Common software and web application security vulnerabilities
– Application security scanning tools
– Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
– Experience in Python scripting
Even Better If You Have:
– A degree in Cybersecurity or CISSP/CSSLP certification or a keen desire to move to the security field
– Business acumen to support the implementation of SAST or DAST or IAST across the enterprise
– Ability to perform code reviews with minimal assistance
– A self-starter, with a strong desire for learning new technologies and applying them to solve problems
– Experience with two or more of the application build environments like Jenkins, Gradle, Maven
– Familiarity with public cloud services is a plus
– Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype
– Experience with Threat Analysis
– Experience with DevSecOps, Secure SDLC
– Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus
– Experience with evaluation, integration and onboarding of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning, etc. is a plus
From:
Shivam Pachauri,
Tek inspirations LLC
shivam.pachauri@tekinspirations.com
Reply to: shivam.pachauri@tekinspirations.com