About the Company:
Our client is an American credit card processor, merchant acquirer and bank credit card issuer. They provides payment, processing, merchant, and related payment services to financial and nonfinancial institutions in the United States, Europe, Canada, Mexico, and internationally.
Our client is looking for an experienced Developer to join our SecDevOps team. Must have a passion for securing applications and pipelines, knowledge of application security risks, and a willingness to share that knowledge with development teams.
The SecDevOps engineer will implement cutting edge security technologies inside SecDevOps pipeline processes. They will identify threats and risks, document remediation, and teach their internal customers how to implement those remediations and how to prevent them in the future.
Ultimately, the SecDevOps engineer must be able to quickly assess risks in new architectures and applications, collaborate with development teams to address those risks, and help the development teams get their features and products to Production as quickly and securely as possible.
Experience in Full Stack development in an AWS environment, and a good understanding of Front- and Back-end system security, along with pipeline and Application Security is vital.
- Working with Infosec teams and Product Owners to achieve alignment between information security and business change objectives
- Architect, design and provide implementation patterns of security controls throughout solution delivery lifecycle.
- Design and develop generic security patterns and guidelines to enable applications stay compliant - integrate them Application and DevOps processes and CI/CD pipelines from early stages of the lifecycle
- Evaluate and onboard security tools such as RASP, WAF, SAST, vulnerability and open source scanning into the SecDevOps life cycle for multiple tech stacks
- Contribute features to internally developed Information Security tools, and integrate those tools into the SecDevOps pipelines.
- Drive continuous improvement to both the SecDevOps pipelines and processes, and to the Information Security tools, services, and processes
- Experience working in an agile, DevOps/SecDevOps environment
- B.S or M.S in Computer Science or other related engineering fields
- 3+ years of experience working in a Software Engineering role with a solid foundation in programming, algorithms, and software application design
- 2+ years of experience working in a Security role handling on premise and cloud infrastructures
- 3+ years of experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments
- Experience with Kubernetes, AWS, SaltStack, Docker, and Kafka.
- Experience converting feedback from security analysis tools (Threat Stack, Amazon Inspector, etc.) into infrastructure improvements
- Hands-on experience with tools and technologies used throughout secure SDLC such as AppScan, Fortify, Veracode, WhiteSource etc.
- Knowledge of common software and web application security vulnerabilities crypto primitives, authentication protocols and authorization standards such as SSL/TLS, OAuth, JWT tokens etc.
- Knowledge of cryptographic principles and practice, security attack vectors and application security vulnerabilities such as SQL Injection, Cross Site Scripting, CSRF etc.
- Competitive Healthcare Plans
- Flexible Work Arrangements
- Adoption Assistance
- Life Insurance Plans
- Flexible Spending Accounts
- Discounted Gym Memberships or Onsite Gyms
- Discounted Daycare Offerings
- Community Service
- Paid Time Off
- Job Development and Tuition Assistance
- Employee Assistance Programs
- Parking Assistance and Ride Share Programs