Full-Time DevSecOps Engineer (m/f)
PwC is looking for a DevSecOps specialist to strengthen the capability of its DevSecOps practice.
In this role, you will act as a DevSecOps subject matter expert (SME) and deliver security-focused engagements with Development, Infrastructure and Information Security teams. You will help our IT teams to embed leading application and software security practices into the DevOps processes, as well as to develop the PwC DevSecOps methodology. The ideal candidate will be experienced in DevSecOps practices, Native Cloud, software engineering and have demonstrable experience of working with IT teams. The ability to communicate application & software security matters to business and IT leaders is a key value.
If you want to extend and develop you DevSecOps knowledge and to establish yourself as a leader in modern application delivery and software security techniques, this role is a unique opportunity!
As a DevSecOps Engineer (m/f), you will:
- Provide advices on security best practices and guide IT Teams in developing, adopting and enforcing security policies appropriate to our ecosystems;
- Act as a mentor for our development teams by helping them in the leading application development and security practices implementation;
- Review and enhance security architectural designs, blue prints and roadmaps;
- Create, review and implement security design patterns to support application architectures;
- Create and enhance CI/CD pipelines to include security tools and checks;
- Drive the development of DevSecOps toolkits, methodologies and accelerators;
- Determine security requirements, plan, implement and prepare codified security standards, policies, and procedures;
- Understand current compliance frameworks for cloud providers, as well as future trends;
- Translate customer business issues/opportunities into technical solution/business requirements;
- Perform manual security assessments and static code analysis against software source code, web applications and API’s across a variety of technology stacks;
- Maintain technical IT knowledge and certifications, share this knowledge with the junior team members;
- Work with colleagues in other services areas and support our cyber security needs.
- You have hands-on experience working within a DevOps environment;
- You have successful experience in helping enterprise deploy important workloads to the cloud or on premise;
- You have played a pivotal role in building and running the automated test cycle to ensure deployments are secure and compliant;
- You have experience identifying, assessing and providing remediation options for software, web application and cloud technology related security risks;
- You possess a solid understanding of native cloud security tools on one or more of the major cloud platforms;
- You have knowledge of cloud security principles;
- You have proven experience in building and securing CI/CD pipelines;
- You have experience using DevOps tools, such as Azure DevOps/Jenkins, Ansible, Git, Gradle, Docker, Kubernetes, Puppet, PKS, etc.;
- You have extensive experience with container orchestration;
- You are experienced with Agile methodologies such as Scrum, Kanban, and Lean;
- You have extensive experience of security focused Software Composition Analysis, SAST and DAST tools, such as Sonatype, Fortify, Veracode, Contrast, AppScan, etc., and can integrate them into automated pipelines;
- You have a detailed understanding of security operations and risks;
- You possess strong knowledge of microservice architectures’ and API based solutions;
- You have expert familiarity with multiple programming languages and secure coding practices;
- You hold or are actively pursuing security-related professional certifications like CISSP, CISM or CISA;
- You are fluent in written and spoken English and French;
- Cloud security certifications are desirable.
How to Applyhttps://pwc.to/2wbllko
775 total views, 7 today