JOB-6671

Job Description:POSITION SUMMARYLead product and engineering teams through adoption of DevSecOps principles to identify and remediate vulnerabilities, promote knowledge and train on secure development practices, drive ongoing improvements in security practices, and foster a community of cybersecurity awareness. Partner with technology and cybersecurity leadership to identify and implement initiatives to improve security practices. Responsible for collaboration with product and development teams to ensure identification and remediation of vulnerabilities and implementation of new cyber practices including the completion of security-related training. Deliver periodic updates to varying levels of leadership to raise visibility to ongoing cyber risk and progress towards adoption of cyber practices. Drive a community of security awareness by coordinating with security champions across the development teams, to review and share best practices and areas of opportunity.ESSENTIAL JOB FUNCTIONSLeads interactive activities on cyber best practices and coaching of stakeholders across product and development teams and within the security organizationIdentifies and promotes security best practices and controls across the organizationDesigns, builds and defends scalable, secure, and robust secure engineering processes programLeverage various CI/CD pipelines and tools to identify, assess, and advise on the remediate of vulnerabilitiesReviews periodic vulnerability scans and works on creating reports that will communicate the result to leadershipKey Responsibilities:MINIMUM POSITION QUALIFICATIONS5+ years of experience in an IT development / DevOps role or related fields with working knowledge of Java, NodeJs, GoLang, .NetStrong communication, presentation skills with experience working with varying levels of technical and business leadershipExperience with CI/CD pipelines and ALM tools necessary to conduct vulnerability scans, curate results, identify risk, and facilitate remediationBe able to speak to containerization and virtualization and orchestration. Working with Terraform, Kubernetes, and Docker or alternatives like Podman to guide teams to best practiceCloud certifications Azure Security Engineer, Azure Solutions Architect, Azure Administrator, or like in GCP or AWSReporting, Excel, Business Intelligence platform experienceUnderstanding of controlled data and compliance requirements related to pci-dss, hipaa, sox, ccpa / gdpr