The College Board, the national educational organization, is conducting a search for a DevSecOps Architect for our Technology department. This position is based in our Reston, Virginia office Or remote work arrangement.
About the Role
The College Board is rapidly transforming itself into an agile organization, embracing DevOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking a DevSecOps Architect to be a senior member on the team, responsible for leading the design, architecture, and implementation of next-generation security architecture and automation solutions in our DevOps and cloud transformation initiatives. The DevSecOps Architect is a highly technical and creative contributor to a DevSecOps team, enabling the agile development of secure cloud-based solutions.
Responsibilities of the role
Provide technical leadership, guidance, and direction in the design, development, and implementation of automated solutions, based on a set of standards and processes, that enable College Board developers to own the security of their modern microservices-based cloud software solutions.
Use expert knowledge of security design and development to secure Cloud-based mobile applications and serverless web applications.
Lead security architecture by performing threat modeling, architecture review, secure code review, security and penetration testing, and vulnerability analysis.
Leverage expertise in DevOps and CI/CD tools to architect and build a cloud-based security orchestration platform to be consumed in product pipelines.
Design, build and maintain DevSecOps Pipelines to shift-left security testing
Architect security Infrastructure-as-code blueprints to create enterprise standard patterns with baked-in security
Provide hands-on engineering with code development, review, and testing.
Design and build security products to identify, prevent, and mitigate application and information security vulnerabilities using AWS native, opensource, or internally developed solutions.
Use knowledge of data analytics and machine learning to define an innovative, automated approach to secure company information, infrastructure, intellectual property, and users against accidental or unauthorized modification, destruction, or disclosure.
Perform technology POCs to adopt new Cloud and Security technologies to enable faster and more secure enterprise application development and releases.
Foster, and build a community of practice for collective learning of the security tools, practices, and systems across all disciplines within the College Board.
Provide security training and presentations across multiple levels of the enterprise.
Collaborate with DevSecOps product owner to break down and prioritize work in the product backlog.
Provide technical coaching and guidance to the DevSecOps team.
Act as POC for internal and external technical security escalations.
Qualifications needed for the role
A bachelor's degree in Computer Science, Engineering, or MIS or equivalent experience.
7+ years experience with extensive exposure to numerous aspects of software development, cloud, DevOps, and information security.
An AWS professional level certification is a plus, Security Specialty certification a big plus.
Preferred skills for the role
Expert level experience in architecture design in the areas of enterprise application, serverless, microservices, data, and application security.
Demonstrated security experience with native mobile application development in IOS and Android.