Do you have one foot planted in the security realm, the other in DevOps automation, and the third in the AWS cloud? When someone mentions an AWS service, is the first thing you think about threat models and mitigation? Do you cringe when you see someone uses the AWS console for anything other than perusing resources?
If so, Verizon is looking for Cloud Security Developers as part of our “Public Cloud First” Journey. If you don’t understand how anyone can consider DevOps automation and security as anything but inseparable, you may be just the individual we are looking for.
At Verizon, we’re seeking highly technical cloud computing security experts with whom DevOps automation is second nature, to work on enabling a secure foundation for hosting critical workloads in AWS. Our Cloud Security Developers will work with our application developers to bring the most secure cloud platform to bear on their problems through automated, repeatable processes.
While you must be able to communicate effectively with our customers to help them understand security issues and solutions as well as continuous delivery/Cloud concepts, this is very much a “hands-on” role. You will be expected to be at home creating automated solutions with CloudFormation, Ansible, Jenkins and other DevOps tools. While effective and articulate communication is essential, being able to breathe life into those ideas with code is equally critical.
- Develop Security Code and Templates across Security Epics/Pillars with specialization in one of the security Epics – IAM, Data Protection, Logging and Monitoring, CICD Security, and Compliance/Vulnerability Analysis.Build Cloudformation Template Library for Security Services such as Encryption, Security Groups, WAF, Logging and Monitoring, Remediation, Identity and Access Mgmt etc.
- Write Code for Detective and Reactive Control Areas such as Security Logging, Monitoring, and Remediation. Perform Security Health Checks in the Public Cloud environment and develop code to address recurring issues. Develop detective and responsive controls using tools such as CloudWatch, Splunk, and Lambda. Perform Security Healthchecks using native AWS tools such as Trusted Advisor, Inspector;
- Implement and support third party AWS ecosystem tools. Examples include Dome 9 - Network Security, TwistLock - Container Security, Cloud Custodian - Compliance, Evident.IO - Compliance etc.
- Develop Test Automation for all Security APIs. Use Jenkins, Open Source Tools like CFNNAG, Security Test Automation Tools like ServerSpec, Inspec,to develop a CICD Security Testing Pipeline. Harden the CICD Security Testing Pipeline to ensure that security controls are implemented for Jenkins, Ansible, Stash etc.
- Leverage DevOps Tool Chain to maintain source code repository, continous integration and deployment pipelines, test automation , and monitoring infrastructure. Adopt and evangelize Agile practices and tools such as JIRA to deliver iterative working software.
- Bachelor’s degree or equivalent work experience.
- Six or more years of relevant work experience.
- Software development or infrastructure experience.
Ideally, you’ll also have:
- Two or more years with AWS/Public Cloud (AWS Certified), seven or more years of software development or infrastructure experience.
- Two years in Security, Compliance and risk management, including privacy, controls, etc.
- IT Security Frameworks such as NIST, ISO27001, PCI, DSS.
Programming and Ops Skills
- AWS SDK and CLI
- Linux and Windows System Administration
Public Cloud Services
- Hands-on experience with Security Services in AWS such as IAM, KMS, VPC, Security Groups, AWS Inspector.
- Expertise in at-least 2 of the 10 security epics across data protection, compliance and validation, vulnerability analysis, network security, infrastructure security, CICD Security, Identity and Access Mgmt, Logging and Monitoring, Incident Response, Big Data and Analytics, and Resiliency.
- Hands-on experience with Management Services such as CloudWatch, Lambda and AWS Config.
- Hands-on experienceof Infrastructure and Platform Services such as EC2, RDS etc.
- Knowledge and hands-on skills with Docker, ECS, Kubernetes, and Container Security Tools.
Agile and DevOps Toolsets
- Expertise with JIRA.
- Experience with Test Automation Tools such as Ruby, Server Spec.
- Expertise with Jenkins, Ansible, Stash, Confluence.
- Can Do, Customer Centric Attitude.
- High Collaborationand Influence Skills.
- Willingness to share and learn from others.
- Excels in Written and Verbal Communication Skills.
- Tolerant of Ambiguity and Changing Environment.
Verizon will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative.
Equal Employment Opportunity
We're proud to be an equal opportunity employer- and celebrate our employees' differences, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.
Click here for more info: http://www.verizon.com/about/work/jobs/6441950-cloud-security-developer
• Post ID: 97031701 newyork