E21-315 Cloud SecDevOps Engineer

The purpose of the SecDevOps role:

Maintain and evolve Cloud Services security posture of the hosted SaaS environment and the Cloud Services Information Security tools and services. Drive and implement continuous improvements to both the SaaS technology stack and processes. Serve as a goto person to provide guidance and technical leadership to other staff members with in the Cloud Services organization and other teams as necessary. Lead security initiatives and principles towards adoption within the organization. Communicate and visualize security threats, trends and needs feeding into the Cloud Services technology roadmap.

The SecDevOps role responsibilities will include:

• Manage and lead security incidents and remediations work
• Be the Cloud Services POC to the Security Operations Center
• Manage and maintain security related integrations to SIEM
• Manage and maintain hardening Saas infrastructure and services
• Collaborate with corporate Information Security team
• Collaborate on design, analysis, architecture, implementation, pentesting, security reviews and process enhancements.
• Custodian of the key management echo system
• Stakeholder in SDLC process
• Provide recommendations on emerging security technologies and tools
• Support compliance and certification initiatives and design with those in mind
• Create Engineering documentation and procedures to implement tools into the environment
• Create and maintain documentation describing security architecture and posture
• Mentor/train Cloud Services team and provide technical direction and project leadership.
• Converting feedback from security analysis tools into infrastructure

While the job description describes what is anticipated as the requirements of the position, the job requirements are subject to change based upon any changing needs and requirements of the business.

Required Experience

Qualifications for the SecDevOps role:

• +3 years hands-on experience in security of native SaaS solutions
• 3+ years experience with software security, secure coding and best practices patterns implementing security controls
• Working experience with Azure technologies
• Working experience with Azure Security Center and other Azure native security frameworks and functions
• Experience with infrastructure as code (Terraform, etc)
• Experience with networking and network protocols
• Experience with scripting and/or development in a security context
• Experienced in securing micro services.
• Experience with configuration management tools such as ansible, chef, puppet
• Experience with CI/CD automation (Azure DevOps experience a plus)
• Experience with containers and orchestration