DevSecOps in Atlanta, GA at HUNTER Technical Resources

Date Posted: 3/13/2020

Job Description


We are seeking an experienced senior information security engineer with a specific background in Security DevOps (SecDevOps). The security engineer will be responsible for integrating security in the Continuous Integration and Continuous Deployment pipeline. The ideal candidate will have a passion for cybersecurity and developing/automating creative solutions to support our Agile development methodology.


Responsibilities:
  • Integrating sound security practices into the Software Delivery Lifecycle (SDLC) including static and dynamic code analysis, integrated application security testing, and code reviews.
  • Understanding of web application security and common vulnerabilities (OWASP Top 10), including XSS, CSRF, and Injection.
  • Deploying and securing containerized distributed system solutions such as Docker and Kubernetes
  • Experience with configuration management tools (Chef, Ansible, Puppet, Salt) and automated provisioning and deployment
  • Hands-on experience with DevOps deployment strategies and tools (such as Jenkins)
  • Advanced programming capability in one or more scripting languages (Python, Ruby, Perl)
  • Ability to perform high-quality alert triage and investigation of malicious and anomalous network traffic
  • Effective and timely response to internal and/or external threats, events, and incidents
  • Lead engineer on CI/CD security initiatives and recommendations for secure application and systems delivery


Requirements:
  • Bachelor’s of Science in Computer Science, Information Security (Cybersecurity), Information Systems, or a related technical field
  • Minimum of 5 years’ combined experience in an Information Technology discipline (Systems Administration, Network Engineering, Software Developer, DevOps Engineer) and Security Engineering role.
  • IT security certifications (SANS GIAC, CISSP, OSCP, RHCSA or RHCE, MCP or MCSE) are a plus
  • Detailed knowledge of network and Web-related protocols (e.g., TCP/IP, IPSec, HTTP, SSL/TLS, DNS, etc.)
  • Network and security engineering experience, including log and network traffic capture analysis.
  • Experience in one or more technical forensics and/or malware analysis tools.
  • Identification and remediation of OS and network security weaknesses and vulnerabilities.
  • Understanding of encryption and cryptographic protocols, including Public Key Infrastructure
  • Effective writing skills; ability to produce clear, concise and high-quality technical and business documents.
  • A strong sense of accountability and self-motivation and a desire to work collaboratively in a small, cross-functional team.
  • An ability to think critically and an aptitude for problem-solving.
  • Adherence to PCI mandated Change Management Process

Preferred Skills:
  • Experience with Security Information and Event Management (SIEM) platforms such as Splunk or ELK SIEM.
  • Ability to move seamlessly between a hacker/attacker mindset and a security engineer/defender mindset
  • Financial industry experience (PCI Data Security Standard)
  • Hands-on experience with penetration testing and vulnerability management tools such as Nmap, Nessus, OWASP ZAP, Burp Suite, Kali Linux, Metasploit