30+ days ago
The DevSecOps engineer must ensure they automatically bake in security at every phase of the software development lifecycle, enabling the development of secure software at the speed of Agile and DevOps.
Integrate security in the DevOps culture.
Design, prototype, support, and validate scalable security solutions to eliminate systemic issues, including prototyping new security tools, evaluating/validating existing security tools, automation enhancements to support and improving existing product security tools: SAST, DAST and SCA.
Assist with triage of findings from security tools. Develop and refine rules and checks for security automation.
Identify and understand inherent, systemic high-risk security issues that could lead to security incidents.
Consult software development teams in the design and architecture of secure systems. Collect, identify, and develop best practices for specific security-related problems.
Upskill developers in security requirements like for example the OWASP Top 10.
Develop automation solutions for day to day maintenance and troubleshooting tasks.
Respond to incident escalation requirements from security tools and support SOC functions in region.
Work with Product Security in performing threat modelling exercises and facilitate technology security reviews including Secure SDLC testing and verification requirements.
Identify, prioritize, and help implement security improvements that maximize security while keeping developers productive.
Experience coordinating and performing vulnerability assessments using automated and manual tools.
Ability to review and analyse vulnerability data to identify security risks to the organization's network, infrastructure, and applications.
Support the preparation of security vulnerability and risk management reports for management.
Support coordination of remediation of vulnerabilities within established timeframes.
BS degree in Computer Science, Computer Engineering, Electrical Engineering, or other related engineering field is required
Minimum of 5 years of experience in software development, systems & architecture concepts, and designs
Minimum of 3 years work experience in multiple security domains developing scalable secure solutions
Required Knowledge, Skills and Attributes:
Secure coding practices
Experience with .NET stack and other programming languages (such as C++, Python)
Security design, threat modelling and a thorough understanding of threats and threat vectors
Systemic security issues: identifying, root cause analysis, designing security solutions
Code obfuscation tools
If you’re a team player who is passionate about Engineering and we’ve just described your career aspirations, then please click on the APPLY button.
Interested in a career with BD, but this position doesn’t fit your skills and experience? Join our external EMEA Talent Community here: https://emea.jobs.bd.com/