DevOps Architect & Security
Our client, a large Boston-based investment manager, has an immediate need for a DevOps Architect with expertise in information security. The role is an open-ended contract for a minimum of 6 months.
The Security Architect is a subject matter expert in Information Security and is responsible for the design, implementation, and effective and efficient maintenance of related technologies, especially in the area of DevSecOps and Application Security. Additionally, this individual has broad and expert knowledge of Information Technology at large, with a firm understanding of related disciplines and how they interoperate. The Security Architect’s deep and broad knowledge enables a holistic understanding of the technology environment.
- Experience with SAST and IAST scanning tools (SonarQube, SonarLint and Contrast Assess OR equivalent preferred)
- Development of Application Security Metrics/BSIMM
- API/MicroServices architecture
Nice to have tools:
- Cloud (Azure/O365 Preferred)
- SCM (NexusIQ or equivalent)
- Assistance with our DevSecOps program including:
  - Developing and automating security metrics and scorecard.
  - Transitioning from AppScan to SonarQube for static scanning.
  - Assisting with the rollout of our new IAST application security scanner Contrast Assess.
  - Assisting with our training program. We have rolled out Learnlink to all development and QA teams. Need some help getting Business Analysts on board.
  - Onboarding Data Scientists into our DevSecOps program
- Assistance with security oversight during the implementation of new technologies and SaaS applications.
- Assistance with review of our Quant team SDLC processes, in particular data feeds and development practices.
Additionally, the security architect will:
- Proactively develop and maintain strong knowledge of the client’s information systems and their related components, and make recommendations to improve the reliability, scalability, performance, or security of these systems as appropriate. This includes proactive performance tuning and capacity analysis to ensure the client is maximizing its technology investment.
- Leverage technology to automate manual tasks and seek to improve efficiency wherever practicable and appropriate.
- Provide technical support to ensure the ongoing efficient and reliable operations of related client information systems.
- Responsible for addressing technical level security service requests received by clients. Receive, document, solve, and communicate service resolution according to management’s directives and applicable policies, procedures, and standards.
- Perform work within security service levels and strive to improve service levels and maintain excellent client relationships.
- Assist management in determining Information Security strategy and direction for the company and for selected technologies.
- Advise IT management on Information Security issues, systems, processes, products, and services; define requirements in support of budget plans and make recommendations for ways to improve performance and reduce costs.
- Develop, enforce and maintain the client’s Information Security controls, procedures, and standards.
- Responsible for understanding the internal and external technological tools/software used by the Information Security group to maintain compliance, assess threats and vulnerabilities, support remote and Internet access, and manage encryption.
- Take a leadership role in the management of these tools by understanding their purpose, application, and overall maintenance and administration.
- Lead security risk assessments to methodically analyze the client’s information technology assets and processes, identifying risks from both a technical and business perspective, and recommending strategies to mitigate those risks to an acceptable level.
- Work closely with Information Technology and business units to ensure that security controls are properly implemented across the environment, both during design and after deployment.
- Conduct security investigations according to documented procedures and management’s directives.
- Maintain confidentiality in these matters and work to ensure the confidentiality of other information which is encountered during the discharge of security responsibilities.
- Receive broad goals and overall objectives from Management and proactively establish and implement the methods to attain them.
- Create solutions that balance business requirements with information and cyber security requirements.
- Assess, establish and monitor countermeasures that protect, detect and/or deter when an unauthorized attempt occurs.
- Serve as mentor to other technical team members and present technology briefings to IT and business line management as required.
- Bachelor’s degree or equivalent experience in a related technical field. Master’s degree or equivalent preferred.
- Ten or more (7-10+) years of related Information Technology experience, with a minimum of six (6+) years of Information Security-specific experience, three (3) in the area of application security and DevSecOps
- CISSP preferred. Additional possible certifications: CISM, CISA, ISSAP, ISSE
- Strong knowledge of multiple technologies, platforms, and programming languages.
- Solid understanding of Systems Development Life Cycle models.
- Demonstrated ability to interact, build relationships, and communicate well with members of team and management
- Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
- Strong critical thinking, analytical skills and attention to detail
For immediate consideration, please email Kenny at email@example.com