The Consortium, Inc.

DevSecOps Architect

The Consortium, Inc. - Reston, VA

TECHNICAL SKILLS

 

Must Have

  • Amazon Web Services (AWS) services including IAM, Lambda, Cognito, CloudWatch, CloudFormation, SNS/SQS, S3, CloudFront, API Gateway, Dynamo, Organizations
  • Experience with AWS Config, WAF/Shield, Guard Duty, Security Hub, KMS, SSM
  • Architecture
  • AWS CloudFormation, CDK
  • Bachelor’s degree in Computer Science, Engineering, or MIS
  • DevOps
  • Information Security
  • Node.js, React, JavaScript, and Python development
  • OWASP Top10, CVE, CVSS, CWE
  • SAST, DAST, SCA, IAST, and RASP
  • Secure software development guidelines and in performing security code and design reviews for modern cloud-native web and mobile applications
  • Software development
  • Technical leadership to an Agile Scrum team

Nice To Have

  • Akamai WAF and CDN products
  • AWS Certification
  • Security Specialty Certification

Position: DevSecOps Architect

Team: Infosec & Infrastructure

Profile: Technologist with hands-on as well as leadership and strategic ability to architect solutions for information security application development. Software engineer with a specialty in coding for security. This is a software development team: we need someone who has developed software, loves security and has an eye for it. Strong infrastructure-as-code (IaC) experience and an understanding of Lambda (preferably having architected with it) are expected, but strong container experience (Docker, Kubernetes) will be considered if all the other items exist.

2 references are required before the offer process can initiate, preferably one manager and one lead. The reference check must include the following questions in addition to the others you have in your process:

  1. What type of work environment do you think the individual would be most likely to thrive in and why?
  2. What are the candidate’s biggest strengths and weaknesses?
  3. What type of work environment do you think the individual would be most likely to thrive in and why?
  4. What advice can you give me to successfully manage this candidate?
  5. What was one of the individual's most memorable accomplishments while working with you?

About the Role

We are rapidly transforming ourselves into an agile organization, embracing DevOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking a DevSecOps Architect to be a senior member on the team, responsible for leading the design, architecture and implementation of next generation security architecture and automation solutions in our DevOps and cloud transformation initiatives. The DevSecOps Architect is a highly technical and creative contributor to a DevSecOps team, enabling the agile development of secure cloud-based solutions.

Responsibilities of the role

  • Provide technical leadership, guidance and direction in the design, development, and implementation of automated solutions, based on a set of standards and processes, that enable College Board developers to own the security of their modern microservices-based cloud software solutions.
  • Use expert knowledge of security design and development to secure Cloud-based mobile applications and serverless web applications.
  • Lead security architecture by performing threat modeling, architecture review, secure code review, security and penetration testing, and vulnerability analysis.
  • Leverage expertise in DevOps and CI/CD tools to architect and build a cloud-based security orchestration platform to be consumed in product pipelines.
  • Design, build and maintain DevSecOps pipelines to shift-left security testing.
  • Architect security Infrastructure-as-code blueprints to create enterprise standard patterns with baked-in security.
  • Provide hands-on engineering with code development, review, and testing.
  • Design and build security products to identify, prevent, and mitigate application and information security vulnerabilities using AWS native, open-source, or internally developed solutions.
  • Use knowledge of data analytics and machine learning to define an innovative, automated approach to secure company information, infrastructure, intellectual property, and users against accidental or unauthorized modification, destruction or disclosure.
  • Perform technology POCs to adopt new Cloud and Security technologies to enable faster and more secure enterprise application development and releases.
  • Foster and build a community of practice for collective learning of the security tools, practices and systems across all disciplines within the College Board.
  • Provide security training and presentations across multiple levels of the enterprise.
  • Collaborate with the DevSecOps product owner to break down and prioritize work in the product backlog.
  • Provide technical coaching and guidance to the DevSecOps team.
  • Act as POC for internal and external technical security escalations.

     

Qualifications needed for the role

  • A bachelor’s degree in Computer Science, Engineering, or MIS
  • 7+ years’ experience with extensive exposure to numerous aspects of software development, cloud, DevOps, and information security.
  • An AWS professional level certification is a plus, Security Specialty certification a big plus

Preferred skills for the role

  • Architecture:
    • Expert level experience in architecture design in the areas of enterprise application, serverless, microservices, data, and application security.
    • Demonstrated security experience with native mobile application development in iOS and Android.
    • Strong experience with Docker containers, Single-Page Application design, SOA, RESTful API
    • Hands-on experience implementing CI/CD and Infrastructure-as-code
    • Strong working knowledge of Web Application Firewall, DDoS mitigation
  • AppSec:
    • Strong working knowledge of OWASP Top10, CVE, CVSS, CWE
    • Experience with a broad range of AppSec tooling including SAST, DAST, SCA, IAST, and RASP.
    • Experience in establishing secure software development guidelines and in performing security code and design reviews for modern cloud-native web and mobile applications
  • Cloud Domain:
    • Solid hands-on experience designing secure solutions using Amazon Web Services (AWS) services including IAM, Lambda, Cognito, CloudWatch, CloudFormation, SNS/SQS, S3, CloudFront, API Gateway, Dynamo, Organizations
    • Experience with AWS Config, WAF/Shield, Guard Duty, Security Hub, KMS, SSM
    • Experience with Akamai WAF and CDN products is a plus.
  • Development Domain:
    • Hands-on experience with Node.js, React, JavaScript, and Python development
    • Experience building infrastructure as code using AWS CloudFormation, CDK, etc.
    • Experience with automated build, testing and continuous deployment of Cloud based applications using at least one of the following: Code Pipeline, Ansible, Chef, or Puppet
  • Leadership:
    • Strong experience providing technical leadership to an Agile Scrum team
    • Positive role model with emphasis on collaboration, mentoring, and coaching
    • Effective communication skills with both leadership and technical teams
    • Demonstrated ability to provide technology training and support
  • Common Domain:
    • Ability to research, analyze, and distill data to provide options and recommendations to resolve critical problems
    • Working knowledge of IP networking, VPNs, DNS, load balancing and firewalls.
    • Strong decision-making, problem-solving skills, critical thinking, and testing skills
    • Strong interpersonal skills, written and verbal communication
    • Exceptional attention to detail

 

 



Posted On: Thursday, May 27, 2021


