Back to results

DevSecOps Engineer

Pittsburgh, United States

Job details

  • Salary: $180,000.00
  • Sector: Cyber Security
  • Type: Permanent

DevSecOps Engineer - Financial Services Firm
FIRM: Fortune 500 financial services institution.


LOCATION:

  • Fully remote in Continental US.
  • Preferably working ET or CT time zones.
  • Occasional 15% travel for team building purposes.
CONTEXT:
  • The firm has a global Cybersecurity organization of 150 FTE. You will report directly to the Manager of Product Security & Security Architecture.
  • A new CSO joined a few months ago who helped finetune the Security strategy and priorities for 2024 and beyond (15 months).
  • The firm has identified 6 strategy and priority pillars for 2024 and beyond. This includes initiatives such as Intelligent Threat Management, Gen AI, SOC and Zero Trust.  
  • Why do we need DevSecOps Engineers? This falls under the priority of Zero Trust, Identity and Role-Based-Access Controls. Identity reasons. The firm is looking to improve and mature the design and control over their systems (Azure DevOps, GitHub) and processes.
  • Looking for 2x Engineers to almost work in an Advisory/Consulting capacity to demonstrate ‘how to do DevSecOps in the proper way’. Acting like a “Small Center of Excellence.”
    • For example, “when you create CI/CD pipelines, you check in the source code, pool requests, this is what you do next etc.”
DAY TO DAY REPSONSBILITIES:
  • Designing, implementing, championing, and managing unified DevOps systems and patterns.
  • It is a disconnected environment with different legacy systems, tech and a lot of Developers and different users.
    • You will be responsible for going into ‘DevOps instances’ and policies i.e. hands-on set the user submissions right for the pattern, onboard people to get the system under control, align role-based-access-controls etc.
    • Help build and integrate security controls into the CI/CD pipelines (using Terraform/Ansible). Right now, pipelines sit with SCCM team so not good for developers and the security controls are not mature enough.
    • This group will “act as a Center of Excellence”, how to deploy, build and get controls policies in place for pipelines and get handle on the DevOps approach.
    • Building this from scratch. Setting guidelines and policies.
  • Looking to get to a more thought-out DevOps systems, patterns and automate the enforcement of it.

MUST HAVE REQUIREMENTS:
  • 3+ years of recent hands-on DevSecOps experience. Cybersecurity expertise.
  • Experience with automating infrastructure and application deployments (CI/CD).
  • Hands-on experience with Terraform (IaC) or Ansible - with a preference towards Terraform.
  • Experience configuring and securing Azure DevOps (must have)
  • Current scripting experience in one or more languages (Python, Powershell or Bash)
  • Former or current networking experience i.e. reverse proxying, WAF configuration and TCP/IP
  • Understanding of container technologies and tooling (Kubernetes preference)
  • US Citizen
NICE TO HAVE REQUIREMENTS:
  • Architecture/design experience
  • Experience with Docker, Helm, WSL, and Kubernetes
  • Experience Amazon Web Services or Google Cloud Platform
  • Financial services experience

INTERVIEW PROCESS:
  • Typically 4 interview processes.

Looking for jobs around the globe?

We work with some of the most innovative companies around the world, and pride ourselves on matching our candidates with high-quality opportunities. Elevate your career today!