DevOps Security Engineer

Post Id Number: 408076
Employment Type: Permanent
Location: New York
Contact: cbridge@connectionsny.com
Salary Range: $200,000 - $270,000
Skills: AWS, Azure, Bash, CI/CD, CloudFormation, DevOps, Docker, GCP, GitHub, IaC, ISO, Jenkins, Kubernetes, Nessus, NIST, Python, Qualys, Security, SOC, SonarQube, Terraform, Vulnerability Detection
Description:

Our Global Information Security team’s mission is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of our information assets. Our team is comprised of security professionals with expertise in a diverse portfolio of security disciplines.

What you’ll do

  • Collaborate with the DevOps team to design, implement, and manage a robust DevSecOps framework for our software development pipeline, integrating security tools and processes into our CI/CD workflows to enhance the developer experience
  • Champion a security-first mindset within the development team, promoting secure coding practices and providing guidance on secure development methodologies
  • Create security-focused DevSecOps policies and standards, and provide training and awareness to the development team
  • Develop Key Risk Indicators (KRIs) to track security posture across business lines, measure progress and identify outliers
  • Implement and manage security testing tools and processes within the CI/CD pipeline, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and open source security (OSS)
  • Work together with the DevOps team to automate security controls and compliance checks within the development pipeline, ensuring adherence to industry best practices and regulatory requirements
  • Troubleshoot and resolve security issues throughout the software development lifecycle
  • Stay abreast of emerging security threats, vulnerabilities, and DevSecOps best practices to continuously improve our security posture

What’s required

  • 7-10 years of experience in software development, DevOps, or security engineering, with a strong focus on DevSecOps practices
  • Expertise in CI/CD tools such as GitHub, Jenkins, GitLab CI/CD, Azure DevOps, or similar
  • Proficiency in infrastructure-as-code tools like Terraform or CloudFormation
  • Strong scripting and automation skills using Python, Bash, or similar languages
  • Experience with security testing tools such as SonarQube, Snyk, Nessus, Qualys, or similar
  • Familiarity with containerization technologies like Docker and Kubernetes
  • Knowledge of security best practices for cloud environments (AWS, Azure, GCP)
  • Understanding of security frameworks and compliance standards such as NIST CSF, ISO 27001, SOC 2
  • Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, agile environment
  • Strong problem-solving skills and a passion for continuous improvement in security practices
  • Commitment to the highest ethical standards