Posted: Wednesday, January 31, 2018 5:57 PM
The Principal DevOps/SecOps Engineer as a member of the Development Operations team will provide support and enhancements to our client's cloud security and information security program. Researching and developing vulnerability scanning solutions for Container:Based Applications and Ephemeral host security. Delivering and maintaining cloud initiatives from inception to production of all ECOMM and other applications solving complex technical issues, which are critical to our businesses such as distributed systems development, cloud native transformation, and much more.
:Assesses and understands clients current cloud security posture and future architecture, providing recommendations for vulnerability remediation and risk reduction.
:Evaluates security technologies for cloud environments in order to implement controls.
:Outlines automated security solutions for cloud delivery processes.
:Designs cloud security solutions to enable production security operations (SOC).
:Architect large:scale cloud environments using container and micro service technologies.
:Designs security capabilities in support of DevOps processes.
:Educates product and platform teams on secure coding practices.
:Performs threat models/risk assessments on large:scale cloud environments.
:Designs automated solutions to secure cloud development processes.
:Crafts and evangelizes secure cloud platform and product requirements.
:Serves as a security expert in application development, database, and micro service design, container and/or virtual machine technologies, helping project teams comply with enterprise and CISO security policies, industry regulations, and best practices.
:Researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the cloud and cloud:enabled products.
:Contributes to the development and maintenance of the information security strategy.
:Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
:Communicates security risks and solutions to business partners, platform and product teams.
:Designs security configuration guidelines for information technology devices and systems, as well as mechanisms for assessing compliance with the guidelines.
:Extensive operations experience in either Linux or Windows operating systems.
:Strong experience with cloud provider ecosystems, including Amazon AWS, Microsoft Azure etc.
:Experience scripting with languages such as Python, Ruby, etc.
:Experience with security strategy, with a passion to make security realistic, achievable and interwoven with the business fabric.
:Experience with a broad range of security technologies, including nextgen firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti:malware, vulnerability management and cloud security.
:Strong oral, written, presentation abilities, and able to convey risk to all levels of the business, from C:level executives to operations and development teams.
:Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non:technical stakeholders.
:Some proven ability in securing the CI/CD pipeline.
:Expert command of config management principles and an ability to code your desired state.
:A strong grasp of monitoring tools, approach and implementation.
:Recognition of the role security plays in PaaS and Continuous Delivery.
:Able to show examples of previous work exploiting containerized services.
:Proven experience in implementing software defined networking.
:Solid working experience of continuous integration practices and tools (Jenkins, Travis CI, etc.)
:An established history of working in agile teams.
:3:4 years in Cloud Computing
• Location: San Francisco
• Post ID: 94373052 sf