Alpharetta, GA, USA | TSYS
Functions:IT / Information Technology
Job Description:71 people have viewed this job
We are looking for an experienced Developer to join our SecDevOps team. Must have a passion for securing applications and pipelines, knowledge of application security risks, and a willingness to share that knowledge with development teams.
The SecDevOps engineer will implement cutting edge security technologies inside SecDevOps pipeline processes. They will identify threats and risks, document remediation's, and teach their internal customers how to implement those remediations and how to prevent them in the future.
Ultimately, the SecDevOps engineer must be able to quickly assess risks in new architectures and applications, collaborate with development teams to address those risks, and help the development teams get their features and products to Production as quickly and securely as possible.
Experience in Full Stack development in an AWS environment, and a good understanding of Front- and Back-end system security, along with pipeline and Application Security is vital.
What Part Will You Play?
Working with Infosec teams and Product Owners to achieve alignment between information security and business change objectives
Architect, design and provide implementation patterns of security controls throughout solution delivery lifecycle.
Design and develop generic security patterns and guidelines to enable applications stay compliant - integrate them Application and DevOps processes and CI/CD pipelines from early stages of the lifecycle
Evaluate and onboard security tools such as RASP, WAF, SAST, vulnerability and open source scanning into the SecDevOps life cycle for multiple tech stacks
Contribute features to internally developed Information Security tools, and integrate those tools into the SecDevOps pipelines.
Drive continuous improvement to both the SecDevOps pipelines and processes, and to the Information Security tools, services, and processes
What Are We looking for in This Role?
Experience working in an agile, DevOps/SecDevOps environment
B.S or M.S in Computer Science or other related engineering fields
3+ years of experience working in a Software Engineering role with a solid foundation in programming, algorithms, and software application design
2+ years of experience working in a Security role handling on premise and cloud infrastructures
3+ years of experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments
Experience with Kubernetes, AWS, SaltStack, Docker, and Kafka.
Experience converting feedback from security analysis tools (Threat Stack, Amazon Inspector, etc.) into infrastructure improvements
Hands-on experience with tools and technologies used throughout secure SDLC such as AppScan, Fortify, Veracode, WhiteSource etc.
Knowledge of common software and web application security vulnerabilities crypto primitives, authentication protocols and authorization standards such as SSL/TLS, OAuth, JWT tokens etc.
Knowledge of cryptographic principles and practice, security attack vectors and application security vulnerabilities such as SQL Injection, Cross Site Scripting, CSRF etc.
What Are We Looking For in This Role?
TSYS Minimum Qualifications
BS in Computer Science, Information Technology, Business / Management Information Systems or related field
Typically minimum of 6 years - Professional Experience In Coding, Designing, Developing And Analyzing Data.Typically has an advanced knowledge and use of two or more opposing front / back end languages / technologies from the following but not limited to; two or more modern programming languages used in the enterprise, experience working with various APIs, external Services, experience with both relational and NoSQL Databases
Already a member? Sign In