Experience Inc. Jobs

Job Title: Principal DevOps Security Engineer Location: Block 23 What you'll do: The Principal DevOps Security Engineer is accountable for capability engineering & support for tooling and processes that supports Application Development, Testing, & Build/Deploy (CI/CD) capabilities. As a senior engineer for this domain, this role is responsible for advancing the security capability to develop platforms & services that enable automation, robust testing, & a 'shift left' security mentality as it relates to developing, testing, & deploying application code, as well as infrastructure as code pipelines, that application teams can leverage. This role will collaborate with Enterprise Architecture, Security & the Application Teams to understand needs across the enterprise, as well as evangelize the use of CI/CD pipelines & automation in Software Development Lifecycle processes. This role requires a deep technical understanding in the areas of: DevOps platforms, CI/CD pipelines and integrations, Microsoft Azure DevOps, static/dynamic application security testing, software composition analysis, development frameworks, and configuring and deploying software across multiple environments. Additionally, strong strategic & critical thinking skills as well as communication and collaboration skills are required to develop relationships with multiple delivery teams, business partners, and IT leadership. This position is ONSITE ONLY, and you must be located or willing to relocate to Phoenix, AZ / Dallas, TX / or Columbus, OH. Responsible for defining, implementing, & supporting a target state architecture of DevOps platform tooling that supports multiple application teams across multiple development stacks. Establish standards and best practices around security scanning automation, vulnerability management, and delivery (containers, PaaS, etc.). Guide application teams to integrate automated security scanning into CI/CD pipelines, including but not limited to Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST). Troubleshoot and resolve CI/CD pipeline issues from application teams. Collaborate with developers to provide guidance on secure coding practices and assist in remediation of security findings. Works with security, development architecture and application teams to develop strategy and plan for application and pipeline modernization with a security mindset. Collaborate with Security, Risk and Compliance team to create, implement and apply DevSecOps principles, processes and culture that are consumed by application teams. Works with Enterprise Architecture, QA, & Security teams to analyze new and emerging trends in DevOps and Development Architecture to ensure standards remain current and relevant. Facilitates the evaluation and selection of software product standards and services within the domain of DevOps and Development Architecture. Administer cloud-based Azure DevOps Services and security tooling. Guide and mentor team members on DevOps best practices and standards. Identify bottlenecks and implement solutions to optimize development and deployment processes. What you'll need: 10+ years of related IT experience, with 5+ years in application development with experience building & managing automation using DevOps / DevSecOps platforms & tooling. Bachelor's degree in computer science, information technology, engineering, system analysis or a related study, or equivalent experience. 5+ years administration and support of SAST, DAST, and or SCA security scanning tools (SonarQube, Invicti, GitHub Advanced Security preferred). 5+ years administration and support of Azure DevOps Services including repositories, Pipelines, Artifacts, and work items. Deep understanding and experience in designing & implementing modern co