Principal DevSecOps Engineer

Posted Mar 4

Patterson isn't just a place to work, it's a partner that cares about your success.

One of the distinguishing marks of our company is the talented people who embrace the people-first, always advancing, and results-driven culture. Professional growth abounds in this motivating environment. We value the diverse talents and experiences our employees bring to Patterson and believe that they build a stronger and more successful organization.

JOB SUMMARY

The Principal DevSecOps Engineer supports web-based Cloud software applications, shared services, and hosting platforms for the Dental Software Organization. We are looking for a DevSecOps Engineer who has a keen eye toward automation and continually improving the security, availability, and scalability of our applications. This engineer will work with the latest Azure technologies. The DevSecOps Engineer focuses on all aspects of security during the application life cycle and processes, and sets direction on process workflows and improvements with system engineers, software engineers, and technical architects. This position advocates for security-first principles, constantly assessing the threat landscape and adapting quickly to manage enterprise risk, as well as integration, configuration and deployment requirements.

ESSENTIAL FUNCTIONS

To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position. 

•    Builds relationships with developers, stakeholders, and technical leaders to incorporate security principles into engineering design and deployments.

•    Oversee implementation of defensive configurations and countermeasures across cloud infrastructure and applications.

•    Drafts and upholds Secure SDLC strategy and practices in tandem with other technical team leads.

•    Partners with the Application Security team in implementing services and tools to enable developers and engineers to easily use security components produced by application security team members.

•    Simplify automation that applies security inter-workings with CI/CD pipelines.

•    Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle including threat modeling and developer IDE security features.

•    Assist prioritization of vulnerabilities identified in code through automated and manual assessments and promote quick remediation.

•    Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.

•    Partner with architects to define security principles in architecture, infrastructure and code.

•    Enrich application architecture with security standards, best practices and define baseline configuration.

•    Partner with teams to define key performance indicators (KPIs), key risk indicators (KRIs) and distribute useful security related metrics to key stakeholders.

•    Assist in documentation of application systems, process flows, and support processes.

•    Participate in meetings to review processes and identify requirements and/or needs. 

•    Define needs by documenting processes; includes research, planning and writing supporting documentation.

•    Communicate effectively with management to enhance their understanding of the opportunities and limitations of information systems. 

•    Research application security best practices and recommend solutions to solve problems or alleviate pain points.

REQUIRED QUALIFICATIONS

•    Bachelor’s or associate degree in Computer Science, Management Information Sciences or area of functional responsibility preferred, or equivalent years of industry work experience

•    At least 7 years of DevSecOps or similar work experience. 

•    Possess a solid understanding of information security and cloud application security

•    Knowledge of all aspects of application development and project life cycles

•    Design and development experience with engineering software design tools

•    Proficient in securing Windows and Linux Operating Systems, applications, and networking 

•    Experience with operations and security across Microsoft Azure

•    Strong experience in deployment and configuration of Azure Services such as:

o    App Services and App Service Environment

o    Azure Functions

o    SQL Server

o    API Manager

o    Web Application Firewall (WAF)

o    Azure Sentinel

o    Azure NSG

o    Vnets, Subnets, and DNS zones

o    KeyVault

o    App Insights

o    Azure policies

o    Azure Identity Management

o    Azure RBAC and AAD services

•    Knowledge of DevSecOps concepts like SAST, DAST and SCA

•    Experience in application security and OWASP principles

•    Automation experience using Terraform to ensure cloud services / infrastructure meet security guidelines

•    Scripting experience required with strong focus on PowerShell and Azure CLI

•    Proficiency with version control systems e.g., git, SVN, CVS 

•    Working knowledge of SQL and databases

•    Experience in designing and implementing a continuous integration pipeline (CI/CD)

•    Ability to troubleshoot issues in Stage and Production environments

•    Consistent, positive attitude and respect for high quality standards

•    Strong verbal and written communication skills with ability to effectively communicate 

•    Strong analytical and problem-solving abilities

•    Experience working in a team-oriented, collaborative environment

PREFERRED QUALIFICATIONS

•    Experience working in an agile development environment

•    Experience working with APM and Incident Management tools

•    Familiar with cloud-based web applications

•    Microsoft Azure experience

•    Ability to read and comprehend code in C/C++, C#, and scripting languages

•    Familiarity with Azure DevOps and ServiceNow and project tracking systems

Periodic on-call rotations and availability outside of normal business hours on evenings and weekends during critical production release or issue escalation periods.

The duties of this role may be performed remotely in the following states: AK,AZ,CA,CO,CT,DC,HI,ID,IL,KS,KY,ME,MA,MI,MN,MO,NE,NV,NH,NM,NY,OR,RI,SD,TN,TX,UT,VT,WV,WI 

The potential compensation range for this role is below. The final offer amount could exceed this range, based on various factors such as candidate location (geographical labor market), experience, and skills.

$160,000 - $180,000

What's In It For You:

We provide competitive benefits, unique incentive programs and rewards for our eligible employees:

  • Full Medical, Dental, and Vision benefits and an integrated Wellness Program.
  • 401(k) Match Retirement Savings Plan.
  • Employee Stock Purchase Plan (ESPP).
  • Paid Time Off (PTO).
  • Holiday Pay & Floating Holidays.
  • Volunteer Time Off (VTO).
  • Educational Assistance Program (Tuition Reimbursement).
  • Full Paid Parental and Adoption Leave.
  • LifeWorks (Employee Assistance Program).
  • Patterson Perks Program.

EEO Statement

EOE, including disability/vets.

We are Patterson. We welcome you.