| DevSecOps to work in Arlington, VA || F2F Interview at Arlington, Virginia, USA |
| Email: [email protected] |
|
http://bit.ly/4ey8w48 https://jobs.nvoids.com/job_details.jsp?id=1967671&uid= From: Ishavdeep Singh, Cloud Think Technologies [email protected] Reply to: [email protected] Seeking DevSecOps of 7-10 years or more of work experience (sometimes called Security Engineer or Application Security Engineer or Appsec) Absolutely must have true Python automation experience Must have previously worked in DevOps and CI/CD pipelines and deployment capacity with Jenkins Hybrid 3 days a week Can be any work VISA including US citizens, Green Card, OPT-EAD, H4-EAD Must be local to Arlington, VA as last interview is in-person with team that includes Python coding. 2 rounds of interviews: First video screening about 30-45 minutes. Then last round is in-person for about 1.5 hours with the team. DevSecOps is a framework that integrates security into every stage of the software development lifecycle. It's an extension of DevOps that emphasizes collaboration between development, security, and operations teams to deliver secure software. Manager is the tech lead for the trading system part of the bank. Their team is integrating in CICD pipelines that build applications and deploy They are building security into that process. They use security testing tools into this pipeline. Certifications (certifying the security not the person) and fixing issues to the development teams They have automated the full process They want a Development Security Operations (DevSecOps) Engineer. Dev Ops processes, Jenkins. And Plugins with Jenkins and Groovy for writing scripts. To help with automation. CICD pipelines and technologies for deployment and automation of processes for that they need Python . <--- MUST HAVE PYTHON very good in python (7-8 years experience in python) Python is used for Automation. The job is about Automation. Need soft skills proactive / work with other teams/ meet with issues and reach out to other teams to get them fixed. Proactive mind set Have experience working previously at Large organizations. TITLE DevSecOps engineer / Security DevOps Engineer with Jenkins, Groovy and PYTHON. MUST HAVE PYTHON and SAST DAST SCA This is new work and support (anyone who works with Jenkins has Groovy) INTERVIEWS 30 minutes of screening via Video Final round 90 minutes with a panel ONSITE second round. With a coding round included in the onsite in python. Hybrid 3 / days a week What You'll Do: - Collaborate with a team of engineers to implement Banks specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications . <--- NEED THESE TOOLS, strong plus - Work with Development , DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes . - Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc. <-- know some of this is good. - With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines. - Support security standards, create templates and patterns to increase the efficiency and adoption of security program. <--- If they are familiar with creating policies its good. These skills will help you succeed in this role: RECRUITERS MUST RUN CHECKLIST / KEYWORDS UNDERLINED - Bachelor's degree with minimum 8 years of work experience in the IT field - 3+ years software development experience using Java, JavaScript nice to have . - 3+ years of experience in the following: - OWASP Secure Coding Practices <--- must have basic knowledge of this - Common software and web application security vulnerabilities - Application security scanning tools - Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins) - Experience in Python scripting Even Better If You Have RECRUITERS MUST RUN CHECKLIST / KEYWORDS UNDERLINED - A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field - Business acumen to support the implementation of SAST or DAST or IAST across the enterprise - Ability to perform code reviews with minimal assistance - A self-starter, with a strong desire for learning new technologies and applying them to solve problems - Experience with two or more of the application build environments like Jenkins, Gradle, Maven. <--- MUST HAVE two of these - Familiarity with public cloud services a plus - Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype <--- MUST HAVE two of these - Experience with Threat Analysis. - Experience with DevSecOps, Secure SDLC. - DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus - Experience with evaluation, integration and onboard of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus Keywords: cprogramm continuous integration continuous deployment information technology Virginia DevSecOps to work in Arlington, VA || F2F Interview [email protected] http://bit.ly/4ey8w48 https://jobs.nvoids.com/job_details.jsp?id=1967671&uid= |
| [email protected] View All |
| 10:30 PM 26-Nov-24 |