The Principal DevSecOps Engineer supports web-based Cloud software applications, shared services, and hosting platforms for the Dental Software Organization. We are looking for a DevSecOps Engineer who has a keen eye toward automation and continually improving the security, availability, and scalability of our applications. This engineer will work with the latest Azure technologies. The DevSecOps Engineer focuses on all aspects of security during the application life cycle and processes, and sets direction on process workflows and improvements with system engineers, software engineers, and technical architects. This position advocates for security-first principles, constantly assessing the threat landscape and adapting quickly to manage enterprise risk, as well as integration, configuration and deployment requirements.
To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position.
• Builds relationships with developers, stakeholders, and technical leaders to incorporate security principles into engineering design and deployments.
• Oversee implementation of defensive configurations and countermeasures across cloud infrastructure and applications.
• Drafts and upholds Secure SDLC strategy and practices in tandem with other technical team leads.
• Partners with the Application Security team in implementing services and tools to enable developers and engineers to easily use security components produced by application security team members.
• Simplify automation that applies security inter-workings with CI/CD pipelines.
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle including threat modeling and developer IDE security features.
• Assist prioritization of vulnerabilities identified in code through automated and manual assessments and promote quick remediation.
• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
• Partner with architects to define security principles in architecture, infrastructure and code.
• Enrich application architecture with security standards and best practices, and define baseline configuration.
• Partner with teams to define key performance indicators (KPIs), key risk indicators (KRIs) and distribute useful security related metrics to key stakeholders.
• Assist in documentation of application systems, process flows, and support processes.
• Participate in meetings to review processes and identify requirements and/or needs.
• Define needs by documenting processes; includes research, planning and writing supporting documentation.
• Communicate effectively with management to enhance their understanding of the opportunities and limitations of information systems.
• Research application security best practices and recommend solutions to solve problems or alleviate pain points.
• Bachelor’s or associate degree in Computer Science, Management Information Sciences or area of functional responsibility preferred, or equivalent years of industry work experience
• At least 7 years of DevSecOps or similar work experience.
• Possess a solid understanding of information security and cloud application security
• Knowledge of all aspects of application development and project life cycles
• Design and development experience with engineering software design tools
• Proficient in securing Windows and Linux Operating Systems, applications, and networking
• Experience with operations and security across Microsoft Azure
• Strong experience in deployment and configuration of Azure Services such as:
o App Services and App Service Environment
o Azure Functions
o SQL Server
o API Manager
o Web Application Firewall (WAF)
o Azure Sentinel
o Azure NSG
o Vnets, Subnets, and DNS zones
o App Insights
o Azure policies
o Azure Identity Management
o Azure RBAC and AAD services
• Knowledge of DevSecOps concepts like SAST, DAST and SCA
• Experience in application security and OWASP principles
• Automation experience using Terraform to ensure cloud services / infrastructure meet security guidelines
• Scripting experience required with strong focus on PowerShell and Azure CLI
• Proficiency with version control systems (e.g., Git, SVN, CVS)
• Working knowledge of SQL and databases
• Experience in designing and implementing a continuous integration pipeline (CI/CD)
• Ability to troubleshoot issues in Stage and Production environments
• Consistent, positive attitude and respect for high quality standards
• Strong verbal and written communication skills with ability to effectively communicate
• Strong analytical and problem-solving abilities
• Experience working in a team-oriented, collaborative environment
• Experience working in an agile development environment
• Experience working with APM and Incident Management tools
• Familiar with cloud-based web applications
• Microsoft Azure experience
• Ability to read and comprehend code in C/C++, C# and scripting languages
• Familiarity with Azure DevOps and ServiceNow and project tracking systems