The Public Cloud Application Security (DSO AppSec) team is seeking a principal-level software engineer with build automation and security expertise to help drive continual improvement to the DevSecOps (DSO) program capabilities, service offerings and roadmap. This position will own the evolution of patterns for secure software development, develop tools to simplify and automate platform administration, and provide support for the integration of security test automation and best practices into development lifecycles and workflows. This individual will participate in the prioritization and development of program enablement and educational resources, including platform training, AppSec workshops and scan automation templates. All DSO AppSec team members are expected to develop and maintain DSO program and platform subject matter expertise to provide ongoing program support, training and advocacy.
Responsibilities:
Develop tools for the intake and automation of platform administration and governance
Create and maintain patterns for DSO security tooling usage and integration into software development lifecycles
Partner with development teams to provide support for the adoption of security test automation and DSO best practices
Participate in the development and facilitation of DSO program workshops and leadership presentations
Provide assistance with the prioritization and development of program enablement and educational resources
Partner with program stakeholders to identify and implement process improvement opportunities
Lead cross-functional efforts to identify and implement solutions in support of the DSO platform and processes
Stay up-to-date with Application Security and DevSecOps industry best practices to influence program roadmap
Qualifications:
5-10 years of software development and scripting experience (C#, Java, Python, etc.)
5-10 years of experience with continuous integration and continuous delivery tools (Jenkins, Azure DevOps, AWS CodePipeline, etc.)
Experience with application security testing tools (Veracode desired) for static code analysis, dynamic testing, etc.
Subject matter expertise with application security and related DevSecOps best practices
Experience and familiarity with widely accepted vulnerability frameworks (CVSS, OWASP, NIST, etc.)
Demonstrated ability to work independently or within cross-functional groups
Experience with the administration of Azure resources is a plus