CyberTec

DevSecOps Assurance Specialist

CyberTec, Dallas, Texas, United States, 75215


DevSecOps Assurance Specialist
Location: Dallas, Texas
Client - Vanguard
Day One Onsite
Rate: $57/hr. C2C - AIC

Responsibilities:
- Provide technical security risk oversight of DSO Assurance processes
- Review and approval of security vulnerability acceptance requests
- Ensure adherence to security requirements and vulnerability remediation SLAs
- Active participation in recurring security and vulnerability oversight meetings
- Assist with daily DevSecOps Security Assurance operational and enforcement processes for our current suite of security automation tools
- Provide support to IT teams for enhancing security and protection controls in relation to security automation, CI/CD, DevSecOps, and vulnerability remediation
- Participate in DevSecOps Security Assurance projects and initiatives as assigned

Qualifications:
- Extensive experience working with widely used security automation technologies such as:
  - Static Application Security Testing (SAST)
  - Software Composition Analysis (SCA)
  - Open-Source software vulnerabilities
  - Dynamic Application Security Testing (DAST)
  - Interactive Application Security Testing (IAST)
  - Container and image security scanning
  - API security scanning
- Practical experience analyzing vulnerability data to understand and communicate risks, concerns and outcomes of decisions
- Experience with CI/CD pipeline tools and technologies such as Bamboo, Jenkins, GitHub, GitHub Actions, Artifactory, Nexus, Docker, Kubernetes, Ansible, or Terraform, and Atlassian Suite (Jira, Confluence, Bitbucket)
- Working knowledge of OWASP Top 10, SANS Top 25, NIST/NVD (National Vulnerability Database), CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), technical security vulnerability remediation/mitigation, and security risk oversight
- Strong, demonstrated analysis and problem-solving, communication, interpersonal skills
- Professional security certification in good standing such as ISC2 CISSP, ISC2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Security Essentials Certification (GSEC), or CompTIA Security+
- Recent software engineering experience is a plus
- Experience with scripting languages such as PowerShell, Python, Bash, or Postman is a plus