DevSecOps Principal Engineer
Overland Park, KansasJob ID R85976 Date posted Jan. 07, 2019
Job Posting Title: DevSecOps Principal Engineer
RSA creates a wide range of industry-leading products that allow customers to take control of risk. Whether those risks stem from external cyber threats, identity and access management challenges, online fraud, compliance pressure or any number of other business and technology issues.
As part of a strategic initiative, we are migrating one of our mission-critical hosted services to AWS, and as part of the journey we’re aligning to a modern DevOps methodology. To be successful, we need a seasoned security engineer who can work with the Platform Engineering team to ensure security controls are met and good security practices are in place during the migration and beyond.
You will be part of the Security Operations team, responsible for the implementation of necessary security controls, and will work closely with Engineering, Architecture, Infrastructure, DBA, Application Support, GRC, and our NOC teams. You will ensure that the Security Operations team has appropriate operational security controls, proper visibility into the environment, awareness of risks, and ability to respond to any incidents that may arise.
You will be expected to propose, develop and implement security controls and related automations to ensure Security Operations can successfully monitor the environment. You will have to understand operations and data flow across the full application stack as it currently exists in a mixed physical/virtual IaaS provider space as systems and data are migrated into the cloud. In addition, you will review/oversee DevOps operational processes and ensure that we are following proper security practices with a Security as Code mindset.
PRINCIPAL DUTIES AND RESPONSIBILITIES
- Work cross-functionally to ensure security and compliance of DevOps processes and methodology
- Ensure a clear security baseline on AWS cloud console and that environmental commissioning practices meet security standards
- Design and implement security landing zone along with R&D and Platform Engineering teams
- With guidance from the SecOps team and management, generate security KPIs, alerts, procedures, and reporting to ensure appropriate security controls are in place in the environment
- Utilize the appropriate mixture of existing Security Operations tools, AWS security services, third-party applications, and as needed develop security automation and methodologies to help us meet our goals
- Work closely with and guide the Platform Engineering team to be the onsite eyes and ears of the Security Operations team
- Ensure the security of customer data and service availability for a 24/7 mission-critical service line in the public cloud
KNOWLEDGE & SKILLS
- Clear understanding and your own ideas of what works best for securing and running scalable and highly available applications in public cloud infrastructures
- Experience with cloud automation tools such as Ansible, Puppet, Chef, etc.
- Experience with securing environments utilizing continuous development tools such as GitHub, Artifactory, Jenkins
- Experience with securing cloud SQL / NoSQL technologies
- Experience with securing containers and related container mechanisms such as Docker and Kubernetes
- Experience securing cloud storage containers and developing related security controls
- Experience gathering security logs from the cloud, AWS/Azure (e.g. Flow Logs, CloudTrail, CloudWatch, GuardDuty etc.)
- Experience with web servers and application stacks (e.g. Tomcat, JBoss, Nginx, Apache, .NET)
- Working knowledge of code pipeline tools is advantageous
- In-depth knowledge of one or more security frameworks including NIST, CSA, SOC2, etc.
- Experience working with sensitive customer data and critical operational services
- Working knowledge of Linux, Windows, virtualization stacks, databases, storage and networking devices
- Demonstrable knowledge of TCP/IP, HTTP, web application security, and experience supporting multi-tier web application architectures
- Problem solving skills and ability to work in a rapid paced, customer facing, 24/7 production environment
- Proven successful project management skills and technical leadership
- Excellent written and verbal communication and documentation skills
- Ability to work within a global team and strong work ethic, self-starter
- 5+ years of experience securing a mixture of traditional data center environments
- 2+ years of experience securing AWS environments built to AWS standards
- Experience with AWS/Azure cloud and traditional datacenters required
- Hands-on experience with security tooling automation required
- BS in CS, IT, or related field or equivalent work experience