ESR Healthcare
Devsecops ny atl phoenix urbandale ref
ESR Healthcare, New York, New York, us, 10261
Experience level:
Mid-seniorExperience required:
5 YearsEducation level:
Bachelor’s degreeJob function:
Information TechnologyIndustry:
Financial ServicesCompensation:
View salaryTotal position:
1Relocation assistance:
NoVisa:
Only US citizens and Greencard holdersJOB DESCRIPTION:Seeking candidates for the following position in our New York, Chicago, Atlanta, Phoenix, or Urbandale offices.Lead initiatives related to DevSecOps and Secure-SDLC.Define and enhance the company’s Secure Software Development Lifecycle (Secure-SDLC) which in turn will reflect the company’s Application Development Security Policy.Select and standardize application security tools, including vendor/tool assessments and full POC.Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes.Define and enhance application security requirements and standards designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.RESPONSIBILITIES:Advise the application security leadership on best practices and standards around application security tools with a main focus on unifying vulnerability reporting, creating predictable CI/CD pipeline processes, and enabling application teams to develop new capabilities securely, free from security defects, by design.Assess security tools currently used within the various business Software Development Life Cycle processes to identify business requirements and rationalize the tool set.Select new application security tools, including vendor/tool assessments, and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use.Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers, ensuring the style is palatable and easy to navigate.Assess impact of new publications from the security industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the company’s AppSec programs.Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency, and effectiveness of current processes.Standardize code weakness analysis processes.Promote the priorities set forth by Global Information Security function, and the roadmap set forth by the Global Application Security.QUALIFICATIONS:5 years+ DevSecOps and Secure-SDLC work experience.CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required.Post-secondary education or equivalent experience as a DevSecOps Engineer.Develop/enhance and implement the Secure-SDLC framework.Design, implement, and rollout DevSecOps automations and tool chain.Implement sensors to collect data on key metrics for statistics and reporting.Serve as the subject matter expert in Secure-SDLC and DevSecOps.Advise on the processes and standards that are designed to implement a company’s Application Development Security Policy.Experience in designing Secure-SDLC processes and relevant tooling to support the processes.Experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.Technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.ADDITIONAL QUALIFICATIONS:Identify application security requirements and brainstorm solutions.Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment.ABOUT:
Marsh McLennan is the world’s leading professional services firm in the areas of risk, strategy, and people. The Company’s 76,000 colleagues advise clients in 130 countries. With annual revenue over $17 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh advises individual and commercial clients of all sizes on insurance broking and innovative risk management solutions. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and wellbeing for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients.
#J-18808-Ljbffr
Mid-seniorExperience required:
5 YearsEducation level:
Bachelor’s degreeJob function:
Information TechnologyIndustry:
Financial ServicesCompensation:
View salaryTotal position:
1Relocation assistance:
NoVisa:
Only US citizens and Greencard holdersJOB DESCRIPTION:Seeking candidates for the following position in our New York, Chicago, Atlanta, Phoenix, or Urbandale offices.Lead initiatives related to DevSecOps and Secure-SDLC.Define and enhance the company’s Secure Software Development Lifecycle (Secure-SDLC) which in turn will reflect the company’s Application Development Security Policy.Select and standardize application security tools, including vendor/tool assessments and full POC.Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes.Define and enhance application security requirements and standards designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.RESPONSIBILITIES:Advise the application security leadership on best practices and standards around application security tools with a main focus on unifying vulnerability reporting, creating predictable CI/CD pipeline processes, and enabling application teams to develop new capabilities securely, free from security defects, by design.Assess security tools currently used within the various business Software Development Life Cycle processes to identify business requirements and rationalize the tool set.Select new application security tools, including vendor/tool assessments, and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use.Draft documentation for the Secure-SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers, ensuring the style is palatable and easy to navigate.Assess impact of new publications from the security industry (e.g., NIST 800-XXX, ISO 2700X:2022, etc.) on the company’s AppSec programs.Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency, and effectiveness of current processes.Standardize code weakness analysis processes.Promote the priorities set forth by Global Information Security function, and the roadmap set forth by the Global Application Security.QUALIFICATIONS:5 years+ DevSecOps and Secure-SDLC work experience.CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required.Post-secondary education or equivalent experience as a DevSecOps Engineer.Develop/enhance and implement the Secure-SDLC framework.Design, implement, and rollout DevSecOps automations and tool chain.Implement sensors to collect data on key metrics for statistics and reporting.Serve as the subject matter expert in Secure-SDLC and DevSecOps.Advise on the processes and standards that are designed to implement a company’s Application Development Security Policy.Experience in designing Secure-SDLC processes and relevant tooling to support the processes.Experience in software/application analysis tools like SAST, DAST, SCA, IAST, RASP, threat modeling, etc.Technical hands-on experience in automating and integrating analysis tools into the DevSecOps pipeline.ADDITIONAL QUALIFICATIONS:Identify application security requirements and brainstorm solutions.Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment.ABOUT:
Marsh McLennan is the world’s leading professional services firm in the areas of risk, strategy, and people. The Company’s 76,000 colleagues advise clients in 130 countries. With annual revenue over $17 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh advises individual and commercial clients of all sizes on insurance broking and innovative risk management solutions. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and wellbeing for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients.
#J-18808-Ljbffr