DevSecOps Engineer
Company: Veryon Work Center
Location: Palo Alto
Posted on: October 25, 2024
Job Description:
DevSecOps EngineerWhy We Need You - The Mission & Our
VisionVeryon is a leading software and technology company that
exists to enable aviation teams around the world to improve
efficiency and safety. Our products maximize uptime for aircraft
maintenance teams through our customer driven innovation and world
class customer service.Veryon has more than 7,500 customers in 137
countries, we service general and business aviation,
military/defense, commercial aviation, and OEM industries. Our core
values drive us, in business, internally, and in our everyday
lives.As a DevSecOps Engineer, you will play a pivotal role in
defining, maintaining, and implementing Veryon's security strategy.
You will apply your deep expertise in information security
technologies, concepts, and methodologies to combat potential cyber
threats and ensure regulatory compliance of Veryon.You will find
yourself engineering, implementing and managing security measures
to protect Veryon's engineering infrastructure and applications
from vulnerabilities and cyber-attacks.What You'll Accomplish -
Your Performance ObjectivesObjective #1: In Your First 30 Days, you
will:
- Complete onboarding process including understanding Veryon's
policies and procedures.
- Engage with stakeholders across the organization and build
mechanisms and cadences for collaboration and information
sharing.
- Meet with leaders and key roles in Engineering, IT and Security
to gain an understanding of the current landscape including people,
processes and technology.
- Review all architecture documentation and note down missing
information that would be required or relevant to a security
program.Objective #2: In your first 90 days, you will:
- Kick off a new process to regularly identify and prioritize
security risks to the organization - threat modeling / risk
profiling.
- Security Champions pilot program: lead engagements w/ volunteer
engineering peers to build security-first coding practices.
- Work with DevOps and SecOps teams to identify and create
special policies and procedures for high risk assets (i.e. assets
with larger and/or sensitive datasets).
- Present a review of existing policies in tooling (i.e.
Crowdstrike, Palo Alto, Active Directory), suggestions for
revisions/updates, and impacts to downstream systems.
- Optimize Security Monitoring Dashboards and alert resolution
processes.
- Review and suggest improvements to Incident Response
Plans.Objective #3: In your first 12 months, you will:
- Deliver next phase of Security Champions program plans.
- Deliver regular reporting on the overall security of the
organization derived from various sources such as vulnerability
scanning, high risk assets, penetration testing, etc.
- Demonstrate measurable improvement in prioritization and
remediation of organizational security risks.
- Identify, prioritize and implement at least two new major
security innovations across Veryon infrastructure.
- Contribute to compliance and regulatory audit efforts.
- Enhance engineering cloud security posture via benchmarking and
audits, leveraging existing tools and/or implementing required
tooling.
- Security process automation (SOAR for example).Key Job
Responsibilities and Experience and Skills We Seek
- Provide subject matter expertise for cloud (AWS/Azure)
infrastructure and application security design and
implementation.
- Implement security controls and design requirements during the
software development process and change management lifecycle.
- Demonstrate exceptional proficiency in identifying systems
vulnerabilities and providing actionable remediation
suggestions.
- Define best in class authentication and authorization methods
and access controls.
- Identify security design gaps in existing and proposed
architectures and recommend changes or enhancements.
- Conduct or facilitate threat modelling of services and
applications that tie to the risk and data associated with the
service or application.
- Design technical solutions to address security weaknesses, and
work with relevant stakeholders to implement them.
- Partner with SecOps and Engineering functions to address
vulnerabilities with internal and external facing systems.
- Research advanced approaches regarding application security
best practices in the field to determine trends that may impact the
operations and address services optimization and continuous
improvement opportunities.
- Stay on the leading edge of security, vulnerability practices
and remain current on new technologies and available vendor
packages.
- Provide guidance and expertise to ensure that security measures
are effectively integrated into all aspects of the organization's
landscape.
- Participate in application and infrastructure projects to
provide security-planning advice.Examples of
Responsibility:Security Integration in DevOps:
- Implement security measures at various stages of the DevOps
pipeline to identify and mitigate security risks early in the
development process.
- Collaborate with development and operations teams to integrate
security tools and processes, ensuring that security is a
fundamental part of the DevOps workflow.CI/CD Pipeline
Security:
- Develop, maintain, and enhance CI/CD pipelines with integrated
security tools such as static and dynamic analysis, software
composition analysis, and vulnerability scanning.
- Automate security testing and enforce security policies within
the CI/CD pipelines.Infrastructure as Code (IaC):
- Implement and manage security controls in infrastructure as
code (IaC) environments using tools like Terraform, AWS
CloudFormation, etc.
- Regularly audit IaC scripts for security vulnerabilities and
ensure compliance with industry best practices.Security Monitoring
and Incident Response:
- Implement security monitoring tools and processes to detect and
respond to security incidents in real-time.
- Work with the security team to investigate and respond to
security breaches, ensuring that any issues are quickly identified
and resolved.Collaboration and Communication:
- Work closely with development, operations, and security teams
to advocate for and implement security best practices.
- Provide guidance and training to teams on secure coding,
security automation, and best practices for DevSecOps.Compliance
and Governance:
- Ensure that all DevSecOps processes comply with relevant
regulations and industry standards (e.g., ISO, GDPR, SOC 2).
- Assist in maintaining security documentation, policies, and
procedures related to DevSecOps activities.Job Requirements:
- Bachelor's or master's degree in computer science, Information
Systems or related quantitative field.
- 7+ years of relevant working experience or working in similar
role.
- Deep understanding of "security by design" and "privacy by
design" concepts, able to articulate secure architectural options
to technical and non-technical stakeholders and provide
recommendations.
- Experience with continuous integration, continuous delivery,
test development, release management and related CI/CD and DevOps
tooling (GitLab, Kubernetes, IAM etc.).
- Demonstrable skills in two or more programming/scripting
languages.
- Strong planning, strategic thinking, and prioritization
skills.
- Proactive and excellent communicator with a team-oriented
approach to solve business problems with entrepreneurial mindset to
constantly improve the status quo.
- Ability to keep up with the state-of-the art security and cloud
computing trends in the market and quickly comprehend how to apply
to Partners Group environments.How We Work - The Core Values That
We Live ByFueled By Customers: We work hard so our customers can
get more uptime. A customer-centered approach is on the forefront
of our minds. We're big on transparent communication with our
customers, and we celebrate their wins internally because we love
the positive impact we're making on their lives.Win Together: We
focus on the "we" and not the "me". Collaboration is key, we value
diverse backgrounds and skill sets. Our mission is to win as a
team, we think everyone plays an integral part in our success.Make
it Happen: When we make a commitment, we get it done. We take a
proactive approach, we commit, we adapt to evolving landscapes and
problems, we tackle problems at every difficulty level.Innovate to
Elevate: We set the standard in aviation by embracing and advancing
cutting edge technology. We take a fail-forward approach using
everything as a learning experience. We encourage creativity and
experimentation within our teams. This helps us set the bar high
and provide world class expertise in aviation.
#J-18808-Ljbffr
Keywords: Veryon Work Center, Citrus Heights , DevSecOps Engineer, Engineering , Palo Alto, California
Didn't find what you're looking for? Search again!
Loading more jobs...