We are one of the largest and most prestigious pharma companies in the world, in business for over 100 years and still growing. We have invested very heavily in both our DevOps and our Cyber Security teams, and are looking to grow those teams by hiring several long-term consultants. A critical role for us to fill is an 18-month contract position for a Senior DevSecOps Architect / Engineer. We seek a highly motivated professional with experience in Security and Privacy to join our dynamic team. As a DevSecOps architect, you will help with threat modeling, application security posture management, security orchestration, and vulnerability weakness assessments to improve the organization's resilience and product portfolio.
What will the Senior DevSecOps Engineer / Architect Do?
• Manage vulnerabilities (3rd party) and weaknesses (1st party) in our products, evaluating the criticality for an adequate prioritization and providing the most suitable remediation, working directly with the product teams as a trusted advisor
• Conduct vulnerability monitoring, (on-demand) vulnerability scanning, and other security
• Provide expertise to product teams and Affiliates to answer inquiries, pre-sales requests, contract negotiations and other cybersecurity-related customer support
• Contribute to initiatives within the Diagnostic Division to achieve the integration of defense capabilities into the development of new products and in the update/upgrade, maintenance and support of existing products in collaboration with Product Support teams.
• Develop and automate technical workflows for investigations and assessments of cyber security vulnerabilities and drive onboarding of new products in Vulnerability Monitoring, and provide training to relevant stakeholders in the organization regarding Vulnerability Handling and Incident Response.
• Develop, maintain and continuously optimize processes, playbooks, and tools for Vulnerability Monitoring, Vulnerability Management, Incident Response, Threat Intelligence and Security Testing.
• Evangelize security and privacy by developing Security Champions across departments involved in the product development and operations
• Maintain the product security controls and awareness supporting other PSPO Chapters (Solution Architecture, Product Support, and Compliance/Privacy).
• Develop security-as-code & policy-as-code pipelines
What Skills and Experience are we looking for in a Senior DevSecOps Engineer / Architect?
• Minimum 3 years of related work experience in SDLC & Cloud Operations
• Demonstrated experience in Cloud computing technologies, full-stack deployments, and more
• Demonstrated experience in Kubernetes, Docker, AWS or GCP, and other cloud-native tools
• Demonstrated experience in Jenkins/ArgoCD/Tekton or another common CI/CD tool
• Demonstrated skills in Sigstore, SBOM, SLSA, and secure software supply chain
• Ability to develop Terraform, Kubernetes manifests or other forms of infrastructure as code
• Ability to codify Rego or Cedar policies
• Demonstrated experience in SAST & DAST tools (Checkmarx, Snyk, Mayhem, BurpSuite, ZAP, etc.)
• Demonstrated experience automating security controls (e.g. shell scripting, Python)
• In-depth experience in managing information security and privacy risks and threat
• In-depth experience in vulnerability handling pre- and post-market launch
• In-depth experience in system and cloud infrastructure hardening
• Strong understanding of industry standards: ISO 27000 family and HITRUST
• Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA, and others), CEH, CISSP, CISA, CISM, LA ISO27001.
What's in it for the right Senior DevSecOps Engineer / Architect?