Sr. DevSecOps Engineer

Posted Jan 11

Full Job Description

Protecting what matters most to our associates and consumers by securing our sensitive data and critical assets from current and emerging threats. At The Home Depot, Cybersecurity consists of Architecture, Governance, Identity & Access Management, Internal Threat Operations, Issue and Compliance Management, Risk Assessment/Advisory, Security Consulting, Security Operations, Service Optimization and Strategic Planning.

The Secure Solutions team is seeking a technical specialist providing technology portfolios with application security solutions throughout the development lifecycle.

Your key responsibilities:

  • Performing security architecture reviews of applications in design and production phases.
  • Identifying security recommendations, potential threats and attacks to application systems through threat modeling and vulnerability assessment.
  • Consulting with customers on integrating security processes and tools into DevOps processes.
  • Working with application development teams to develop solutions to remediate security vulnerabilities.
  • Improving secure coding practices, application security requirements, automation, training and metrics.
  • Maintaining an active understanding of industry practices for secure software development.
  • Playing an active role in counseling and mentoring junior Cybersecurity team members.

Skills and attributes for success

  • Understanding of or experience in Agile Development Environment
  • Problem solving and troubleshooting with an eye for detail
  • Good communication and presentation skills
  • Ability to work in both collaborative and independent work environments
  • Proven ability to work as a DevSecOps practitioner

Major Tasks, Responsibilities & Key Accountabilities:

100% - Deliver Execution, Plans & Align, Problem Solving

  • Design automation workflows and capabilities in support of data collection, investigation and incident response
  • Develop threat hunting and data analysis strategy and capabilities
  • Identify and propose new technologies, methodologies and/or approaches to detecting malicious activity
  • Utilize indicators to scope and respond proactively to emerging threats
  • Design, build, configure, maintain and monitor cybersecurity threat defense capabilities and user access management

Nature and Scope:

This Position typically reports to Manager or Sr. Manager

This Position has 0 Direct Reports

Environment:

1. Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Travel:

No travel required.

Standard Minimum Qualifications:

Must be eighteen years of age or older.

Must be legally permitted to work in the United States.

Education Required:

The knowledge, skills and abilities typically acquired through the completion of a high school diploma and/or GED.

Years of Relevant Work Experience:

3+ years

Physical Requirements:

Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Preferred Qualifications:

  • Experience in performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools.
  • Experience in performing security architecture/threat modeling
  • Experience in evaluating application security programs for clients and developing key elements of the program as part of the enhancement process and developing internal vulnerability assessment and management processes.
  • Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
  • Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
  • Containers (Docker, Kubernetes, etc.)
  • Infrastructure as code (Chef, Terraform, etc.)
  • Continuous integration (Jenkins, GitHub, TeamCity, etc.)
  • Integration of security testing tools like Fortify, ShiftLeft, Checkmarx, Invicti, WhiteSource into the pipeline
  • Defect tracking (Jira, ServiceNow, etc.)
  • Source code management (GitLab, GitHub, BitBucket, etc.)
  • Developing enterprise applications or scripts for security testing (security as code)
  • Cloud environment (AWS, Azure, GCP) and various Unix-like distributions
  • Knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus
  • Experience in programming or scripting languages
  • Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems
  • Diploma or degree in Computer Science, Software Engineering, or a related field
  • Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common cloud authentication patterns
  • Cloud DevOps Certification (Azure, GCP, AWS)
  • Security certification (Security+, CEH, CCSP, GSEC)

Knowledge, Skills, Abilities and Competencies:

  • Action Oriented
  • Collaborates
  • Communicates Effectively
  • Customer Focus
  • Drives Results