Sr. DevSecOps Cybersecurity Engineer

Posted Feb 2

Full Job Description

Company:

Cox Communications, Inc. Job Family Group:

Information Technology Job Profile:

Cybersecurity Manager Management Level:

Manager - Non People Leader Travel %:

No Work Shift:

Day (United States of America) Job Description:

Senior DevSecOps Security Engineer

Cox Communications is looking for a Senior DevSecOps Security Engineer who will report to the Manager, DevSecOps.

Are you experimentation-driven, bold, result-oriented, customer-focused,? Do you want to help drive the adoption of security controls in the delivery pipeline? Are you excited to implement automated security solutions that will enable development teams to deploy secure software?

As a member of the DevSecOps Team, you will have the opportunity to pioneer security architectures supporting the ability to deliver secure software. You will collaborate with security, development, operations, and infrastructure teams to build and implement automated security solutions that enable the “shift left” culture.

What You’ll Do

  • Build and manage services, tools, and integrations that will automate security controls within CI/CD pipelines.
  • Identify security gaps in DevSecOps architectures and toolchains and recommend enhancements.
  • Provide technical leadership to security, infrastructure, engineering, development, and business teams.
  • Assist with development of the DevSecOps strategy and roadmap across people, process, and technology.
  • Build relationships with development and operations teams and provide guidance on vulnerability remediation.
  • Perform upgrades and drive deployment of security solutions.
  • Create key performance indicators that track the progress and effectiveness of the DevSecOps program.
  • Design security compliance metrics that align with DevSecOps requirements and assist with driving enforcement.
  • Assist with triaging potential security incidents.
  • Assist with cybersecurity escalations and change management.
  • Create runbooks and document policies and procedures.
  • Work with vendors and maintain relationships.
  • Remain current with new cybersecurity trends, threats, and disruptive solutions and make recommendations to leadership.

What’s In It For You?

Really good question, and we have some good answers that we hope you like.

  • We want you to feel cared for and respected (like you do with our customers), and that starts with Cox’s highly competitive pay plus other compensation perks (401k + company matching, comprehensive medical benefits, etc.). We also offer discounted Cox services (in specific Cox markets), tuition reimbursement for academic pursuits, adoption assistance, paid time off to volunteer, childcare and eldercare resources, pet insurance and much more.
  • Good work should be rewarded, and not just with a healthy paycheck. The Cox culture is one that values people more than technology, so it’s our goal to make sure you feel recognized for your contributions. It’s also important to work alongside colleagues who “get you.” At Cox, you’ll find a workplace where relationships are crafted with care and successes are celebrated with high fives. We strive to create an environment where you can do you, and everyone from leadership to new hires can support and feel supported.
  • Growth is a good thing, and you’ll have opportunities to learn and train so you can sharpen your skills and explore opportunities across the Cox family of businesses that will continue to challenge and empower you. In the future, you may have the opportunity to cultivate customer relationships in other sectors where we operate like cleantech, health care and new forms of transportation mobility.

Who You Are

Here is a list of the necessities for the job, as well as some “preferred” qualities that we hope you have as well:

Minimum:

  • BA/BS in Computer Science, IT or a related field and 6 or more years of experience in related field, OR MS degree in a related field and 4 years related experience, OR PhD and 1 year experience in related field.
  • Previous experience as a DevOps/DevSecOps Engineer supporting applications and platforms running in private or public cloud (such as Rancher, Anthos, AWS, GCP, VMWare).
  • Deep experience within DevOps, CI/CD processes, SDLC, and related tools such as Jira, Jenkins, Artifactory, Bitbucket, GitLab, etc.
  • Experience with containers, enterprise container orchestration, and related tools such as Docker, Rancher, Kubernetes, and public cloud container services.
  • Understanding of security automation within DevOps and CI/CD processes including vulnerability identification and management.
  • Experience building and deploying infrastructure-as-code (IaC) and related tools such as Ansible, Terraform, Open Policy Agent.
  • Experience with creating regular expressions (REGEX), writing scripts in python or bash, and interacting with APIs.
  • Understanding of OWASP Top10, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).
  • Good verbal and written communication skills needed to communicate complex problems, including root cause, to both technical and non-technical audiences.
  • Strong collaboration skills to effectively develop consensus and understanding among cross-functional teams on key security risks and vulnerabilities.
  • Ability to work under pressure, reprioritize, and adjust to changes in direction and deadlines.
  • Ability to balance multiple high priority projects and complete on time with minimal supervision.

Preferred:

  • Experience integrating security solutions into CI/CD workflows and toolsets.
  • Experience with cloud workload protection platforms (CWPP) such as Palo Alto Prisma Compute, Aqua, etc.
  • Experience with SAST, DAST, secret scanning, and/or secrets management solutions such as Veracode, Snyk, Gitleaks, Hashicorp Vault.
  • Experience securing the software supply chain including implementation of appropriate controls across the SDLC and managing change along the way.
  • Big Four consulting background or Fortune 500 company experience.
  • Telecom/Cable industry experience.
  • At least one relevant security-focused certification – CISSP, CCSP, CKS, GCSA.

Join the Cox family of businesses and make your mark today!

About Us:

Cox Communications is all about creating moments of real human connection; and for employees, that’s true both in the workplace and in the problems we solve for customers. From building advertising solutions to unleashing IoT technologies to creating an exceptional experience for customers in our retail locations and online, we’re creating a world that is smarter and more connected. Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page. Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.