Posted

30+ days ago

Location

Limerick

Description

Job Description Summary

Security is the key component in everything we develop and DevSecOps is the culture and philosophy ensuring security is integrated into all security practices of our DevOps processes. Ensuring security and privacy for our customers, clients, and their patients, is a key Mantra in all our work. We achieve this by making everyone accountable for security and strive to continually enhance and improve our 'Security as Code' culture. We require and encourage candour between teams and management, and require strong collaboration between stakeholders, developers, operations, QA, release and security teams.
This role provides the scope to drive and enhance our next generation of automated security tooling into our development pipelines, taking the lead in configuration of deployments, ensuring the overall product security and while supporting business solutions. Day to day primary responsibilities include relationship management, providing guidance to the development teams, ensuring we deliver a quality service to sponsors, stakeholders, and users.

Job Description

The DevSecOps engineer must ensure they automatically bake in security at every phase of the software development lifecycle, enabling the development of secure software at the speed of Agile and DevOps.

Responsibilities:

  • Integrate security in the DevOps culture.

  • Design, prototype, support, and validate scalable security solutions to eliminate systemic issues, including prototyping new security tools, evaluating/validating existing security tools, automation enhancements to support and improving existing product security tools: SAST, DAST and SCA.

  • Assist with triage of findings from security tools. Develop and refine rules and checks for security automation.

  • Identify and understand inherent, systemic high-risk security issues that could lead to security incidents.

  • Consult software development teams in the design and architecture of secure systems. Collect, identify, and develop best practices for specific security-related problems.

  • Upskill developers in security requirements like for example the OWASP Top 10.

  • Develop automation solutions for day to day maintenance and troubleshooting tasks.

  • Respond to incident escalation requirements from security tools and support SOC functions in region.

  • Work with Product Security in performing threat modelling exercises and facilitate technology security reviews including Secure SDLC testing and verification requirements.

  • Identify, prioritize, and help implement security improvements that maximize security while keeping developers productive.

  • Experience coordinating and performing vulnerability assessments using automated and manual tools.

  • Ability to review and analyse vulnerability data to identify security risks to the organization's network, infrastructure, and applications.

  • Support the preparation of security vulnerability and risk management reports for management.

  • Support coordination of remediation of vulnerabilities within established timeframes.

Qualifications:

  • BS degree in Computer Science, Computer Engineering, Electrical Engineering, or other related engineering field is required

  • Minimum of 5 years of experience in software development, systems & architecture concepts, and designs

  • Minimum of 3 years work experience in multiple security domains developing scalable secure solutions

Required Knowledge, Skills and Attributes:

  • Secure coding practices

  • Experience with .NET stack and other programming languages (such as C++, Python)

  • Security design, threat modelling and a thorough understanding of threats and threat vectors

  • Systemic security issues: identifying, root cause analysis, designing security solutions

Nice-to-Haves:

  • Code signing

  • Code obfuscation tools

  • PowerShell

  • MS Azure

  • Hardening Standards

  • TPM

  • Windows DPAPI

If you’re a team player who is passionate about Engineering and we’ve just described your career aspirations, then please click on the APPLY button.

Interested in a career with BD, but this position doesn’t fit your skills and experience? Join our external EMEA Talent Community here: https://emea.jobs.bd.com/

Primary Work Location

IRL Limerick - Castletroy

Additional Locations

Work Shift

Source: BD