DevSecOps / Senior Information Security Engineer (21004K)
10990 Roe Ave, Overland Park, KS 66211 or USA
Remote for Now / Moving to Onsite / Flexible
YEARS OF EXP: 5 Yrs.
AREAS OF EXPERTISE:
Security, AWS Cloud Security, DevSecOps, Containers (Docker/Kubernetes), CI/CD
• Initial interview will be w/ Hiring Manager - video call
• Interview w/ 1-2 technical resources
Responsible for the development and maintenance of security solutions and guardrails for infrastructure and applications running in cloud instances, focusing primarily on Amazon Web Services (AWS) and supporting CI/CD pipelines. This position works with business and IT leadership to define and recommend security solutions that meet enterprise standards, and then provides hands-on delivery of those solutions.
This position will require hands-on experience with the following AWS security toolsets: Identity Access Management, Key Management, Security Groups, Network ACLs, Service Control Policies, CloudFormation, GuardDuty, Config, etc.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Provide cloud and software architecture security guidance, including developing threat models and methodically protecting against business logic and design flaws that could introduce security vulnerabilities.
- Work with information security, technology, and business leadership to develop and implement strategies to enforce security requirements and address risks for workloads deployed in cloud services and their supporting CI/CD pipelines.
- Coordinate, develop, and communicate information security standards and documentation for cloud services and supporting CI/CD pipelines.
- Support the planning and execution of the application security testing and evaluation program, with the possibility of mentoring peer team members.
- Perform periodic quality assurance to ensure that system, network, and application configurations meet security standards.
- Report to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to business system analysis and communication, facilitation and consensus building.
- Advise and consult internal clients on appropriate application of security practices and existing security services to solve problems or enable new business opportunities.
- Play a senior advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Lead members of the information security team in working with IT to identify, select and implement technical controls.
- Actively coach and mentor others; be openly considered a mentor by other team members.
- May act as a team lead for key areas of expertise and drive key projects or ongoing operational functions.
- Adaptability - Maintaining effectiveness when experiencing major changes in work responsibilities or environment (e.g., people, processes, structure, or culture); adjusting effectively to change by exploring the benefits, trying new approaches, and collaborating with others to make the change successful.
- Building Trusting Relationships - Using appropriate interpersonal styles to establish effective relationships with customers and internal partners; interacting with others in a way that promotes openness and trust and gives them confidence in one’s intentions.
- Collaborating - Working cooperatively with others to help a team or work group achieve its goals.
- Communication - Conveying information and ideas clearly and concisely to individuals or groups in an engaging manner that helps them understand and retain the message; listening actively to others.
- Continuous Learning - Actively identifying new areas for learning; regularly creating and taking advantage of learning opportunities; using newly gained knowledge and skill on the job and learning through their application.
- Initiating Action - Taking prompt action to accomplish work goals; taking action to achieve results beyond what is required; being proactive.
- Work Standards - Setting high standards of performance for self and others; assuming responsibility and accountability for successfully completing assignments or tasks; self-imposing standards of excellence rather than having standards imposed.
- Minimum of five (5) years' IT or network security experience.
- Bachelor's degree in information systems or equivalent work experience.
- Extensive knowledge and hands-on experience working with Amazon Web Services and related security technologies from ideation to finished production product.
- Experience and understanding of CI/CD pipelines, Infrastructure as Code, Automation, and Orchestration.
- Excellent technical knowledge of security technologies, such as application/pipeline security, network security, monitoring, incident response, identity and access management systems, anti-malware solutions, and automated policy compliance tools.
- Hands-on experience evaluating the security of applications using both manual and automated techniques.
- Experience making and defending sound technical arguments that incorporate relevant technical and business considerations and building consensus among stakeholders.
- Knowledge/hands-on experience in implementing DevSecOps (enabling security in DevOps).
- Knowledge of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation.
- In-depth knowledge of risk assessment methods and technologies.
- Proficiency in performing risk, business impact, control, and vulnerability assessments.
- Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
- Strong leadership abilities, with the capability to develop and train junior information security engineers, guide team members, and work without supervision.
- Advanced degree in information security, network security or IT security a plus.
- CCSK, CCSP, or other cloud specific security certifications preferred.
- Container experience with Docker and Kubernetes is a plus.
- Competitive pay based on experience
- Employee selected medical, dental, and vision coverage for you and your family
- PTO and paid holidays
- 401k Retirement Plan