Consultant
HCL
10 - 12 years
Chennai
Posted: 12/17/2024
Job Description
DevSecOps Engineer - L3
The role will analyze cybersecurity capabilities of systems globally across ICS facilities as well as third-party application and infrastructure providers in a multi-business, multi-platform IT environment. This role is responsible for identifying security vulnerabilities in PCs, servers, operating systems, custom-developed applications, and APIs used by our end customers. The successful candidate will lead efforts to establish and improve OS, infrastructure, and secure software development lifecycle (SDLC) activities and identify tools to integrate into the development process to assess the security of applications. When appropriate, this role will perform manual security testing of hardware, OS and application components, such as APIs, to ensure they are hardened against exploitation. When security flaws/vulnerabilities are identified, this role will collaborate with global IT and engineering development teams to have the issue remedied and test plans updated. You will also lead efforts to create an appropriate application security testing plan based on features and changes scoped in for new updates (releases) of the applications.
Typical Day
Review vulnerabilities resulting from daily Qualys, WebInspect, and Prisma scans. Research and consult with application teams to provide guidance on remediating vulnerabilities. Review applications and APIs that are used within our custom-developed applications/APIs; work with application developers and other IT and engineering team members to understand the work needed to rectify security risk, and prioritize that work by level of risk. Perform code changes as needed, and collaborate with other developers to test and deploy changes. Compile summaries of risk and execute the project plan accordingly to complete activities that will reduce the risk of the application. Provide BU support during security audit and penetration test initiatives. Complete LTAs and TPRAs relating to the software onboarding process, secure-the-factory initiatives, and vulnerability remediation with IT, business partners, and third-party vendors. Develop and maintain metrics and dashboards to provide visibility into cybersecurity risks for IT and business partner organizations. Develop and execute project plans to ensure enterprise cybersecurity initiatives are delivered on schedule. Partner effectively with key business staff. Act as liaison for BU and GCIO team members with corporate cybersecurity teams.
Education
Bachelor's degree in computer science or equivalent training required. 10-12 years of experience required.
Technical Skills
Required:
Good knowledge of hardware, software and other operating system components
Understanding of engineering applications, infrastructure and embedded software development
Knowledge of securing web applications and interfaces against common vulnerabilities
Good knowledge of firewall operations
Understanding of GitHub, Azure DevOps and Pipelines, or another CI/CD platform
Knowledge of tools for, and experience working, vulnerabilities identified through Qualys, WebInspect, and Prisma scans
Experience in performing security scans, applying patches, remediating vulnerabilities and code reviews
Deep understanding of client-server architecture and web technologies
Experience in PCLM, Microsoft tools, Ubuntu, Active Directory
Experience supporting Agile teams
Experience defining and executing a Secure Software Development Lifecycle
Desired:
Knowledge of securing applications using SAML and OAuth
Capable of performing secure code reviews in the Java or .NET programming languages
Knowledge of commonly used DAST, SAST, Secrets, and Dependabot tools for testing security vulnerabilities
Working knowledge of the Common Vulnerability Scoring System (CVSS)
Understanding of Open We
About Company
HCL Technologies, founded in 1976 by Shiv Nadar and headquartered in Noida, India, is a global leader in IT services and consulting. With a presence in over 50 countries and more than 225,000 employees, HCL provides a wide range of services, including IT and business solutions, engineering, R&D, cloud services, and digital transformation. The company caters to diverse industries like banking, healthcare, telecommunications, and manufacturing. Known for its Employee First philosophy, HCL emphasizes innovation, talent development, and customer-centric solutions, making it a key player in the global technology landscape with annual revenues exceeding $12 billion.