DevSecOps Senior Engineer
Deloitte Services LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
DevSecOps Senior Engineer
Location: All Locations (Remote)
Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Deloitte's Information Technology Services (ITS). We are curious and life-long learners focused on technology and innovation.
Work you'll do
The DevSecOps Senior Engineer role works in the Deloitte Function Specific Subsidiaries (FSS) Business Information Security Officer (BISO) organization directly supporting Deloitte's Consulting FSS businesses (Consulting Cyber). The role involves close integration with various FSS client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption. The position will drive the execution and enhancement of cyber security throughout information systems solutions in both on-premise and cloud hosted environments.
We are seeking an enthusiastic, passionate professional for a DevSecOps Senior Engineer position with established experience with cloud (e.g. AWS, Azure, GCP) services, DevOps practices such as build/release management, secure SDLC/DevSecOps practices such as automating security processes in CI/CD pipeline, and general automation. This role will help to design, implement, and support cloud solutions and processes leveraged by large number of applications hosted in our environments. Your skills are broad - implementing cloud and on-premise solutions for various application architectures, scripting, database and other data services - and you easily transition between those and handle multiple projects and priorities.
In addition, the individual will be expected to:
- Engineer and implement solutions and provide recommendations for continuous improvement for the services provided
- Present regular status updates and provide cross training to other DevOps team members.
- Be active in evaluating and recommending new Cloud Data Services technologies including updates to Cloud Data Services as they are released.
- Help to build Agile Strategy and Practice to integrate cybersecurity into the organizational adoption and improvement of agile practices.
- Partner with Solution Engineering and Reliability Engineering team leads to create, implement and apply DevSecOps principles, processes and culture that are consumed by delivery teams across Consulting.
- Provide cybersecurity subject matter expertise in various risk assessments, working in an Agile environment with an understanding of the full software development lifecycle.
- Advocate appropriate cybersecurity software engineering practices such as unit testing, code reviews, full build testing, quality engineering practices and requirements capturing techniques to the teams to improve end to end secure delivery practices.
- Advocate for and ensure appropriate security practices are communicated and implemented within their application security programs. Support adherence and awareness of these practices.
- Partner with development and operations teams to facilitate practical automation solutions and custom modules. Troubleshoot automation issues and when required, engage the resources to find practical solutions that move projects forward in a timely manner.
- Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
- Assist application teams with on-boarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations.
- Deliver tasks based on project objectives; technically support projects through to completion.
- Ensure deliverables are completed within target timeframes and are consistently of high-quality, documented and support transition of operational activities.
- Collect and format the data required for established KPIs to ensure performance is measured against expected business outcomes.
- Work with teams to bring continuous improvement to DevSecOps processes and tools.
- And other responsibilities as required.
Information Technology Services (ITS) helps power Deloitte's success. ITS drives Deloitte, which serves many of the world's largest, most respected organizations. We develop and deploy cutting-edge internal and go-to-market solutions that help Deloitte operate effectively and lead in the market. Our reputation is built on a tradition of delivering with excellence.
The ~2,500 professionals in ITS deliver services including:
- Security, risk & compliance
- Technology support
- Relationship management
Cyber Security vigilantly protects Deloitte and client data. The team leads a strategic cyber risk program that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities. Using situational awareness, threat intelligence, and building a security culture across the organization, the team helps to protect the Deloitte brand.
Areas of focus include:
- Cyber design
- Risk & Compliance
- Technology Risk Management
- Identity & Access Management
- Data Protection
- Incident Response and Architecture
- Bachelor's degree: degree in business administration, a technology-related field, or equivalent education-related experience. Master's degree preferred.
- Minimum of 5 years of application security experience with interpreted and compiled programming languages.
- Must have actual/active development experience in an Agile environment.
- Application security experience with Windows and Linux based applications.
- Experience working with teams on multi-tiered, complex distributed web applications (C#, C++, Java, Python, Perl, PowerShell, etc.).
- White box and black box penetration testing experience.
- Working knowledge of Agile, SAFe, and DevSecOps.
- Working knowledge of GIT, JIRA, Jenkins, Docker, Puppet, Chef, other Agile CI/CD and project management tools and Kanban boards.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
- Demonstrated competencies in system administration, DevSecOps or systems knowledge, security protocols for client/server environment. Experience working with cloud-based IaaS and PaaS solutions on a windows platform and Open Source/Linux.
- Experience with containerization and orchestration of web services.
- Sound knowledge of business management and an expert knowledge of information / cybersecurity application solution design and testing.
- Strong knowledge of key cybersecurity technologies such as network security tools (firewalls, intrusion detection system (IDS)/ intrusion protection system (IPS), content filtering, network access control (NAC), end-point protection (AV, EDR, MDM), data loss prevention, encryption, vulnerability management, and security information and event management (SIEM).
- Knowledge and understanding of information security legal and regulatory requirements, such as General Data Protection Regulation (GDPR), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
How you'll grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to help them to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can helpthem to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals. - provided by Dice