Essential Duties and Responsibilities:

- Design and implement security measures across all stages of the software development lifecycle from architecture and design to deployment and operations.

- Develop, maintain, and optimize automated CI/CD pipelines to ensure secure, scalable, and efficient application delivery.

- Manage and secure multi-cloud infrastructure (AWS, Azure, GCP), with a primary focus on AWS, including networking, storage, and compute resources.

- Ensure compliance with industry standards and regulatory frameworks (e.g., HIPAA, PCI-DSS, FedRAMP) by implementing robust governance policies.

- Establish and maintain security monitoring, incident detection, and response protocols to safeguard systems and data.

- Collaborate with development, operations, and security teams to promote security best practices and mentor junior engineers.

- Conduct regular security assessments, including vulnerability scans and penetration testing, to proactively identify and mitigate risks.

- Evaluate, deploy, and manage security tools (e.g., SAST, DAST, SIEM) to protect and monitor the environment effectively.

*********Minimum Requirements:

- Bachelor's degree in relevant field of study and 7+ years of relevant professional experience required. 

Security Integration: Design and implement security measures at every stage of the software development lifecycle, from design to deployment.Automation & CI/CD Pipelines: Develop, maintain, and enhance automated CI/CD pipelines, ensuring secure and efficient delivery of applications.Cloud & Infrastructure Security: Manage and secure cloud infrastructure (AWS, Azure, GCP), including networking, storage, and compute resources, with a key focus on AWS.Compliance & Governance: Ensure compliance with industry standards and regulations (e.g., HIPAA, PCI-DSS, FedRAMP) and implement governance policies.Incident Response & Monitoring: Establish and maintain security monitoring, incident detection, and response protocols.Collaboration & Mentorship: Work closely with development, operations, and security teams to promote security best practices and mentor junior engineers.Risk Assessment: Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks.Tooling & Technology: Evaluate, deploy, and manage security tools (e.g., SAST, DAST, SIEM) to protect and monitor the environment.

Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). 10+ years of experience in DevOps, DevSecOps, or a similar role, with a strong security focus. AWS Certified DevOps Engineer certification or similar Proficiency in cloud platforms (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes) with a key focus on AWS and EKS Experience with infrastructure as code (IaC) tools such as Terraform, Ansible, or CloudFormation. Proficiency in CI/CD tools like AWS CodePipeline, Jenkins, Azure DevOps Server Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001, OWASP). Familiarity with programming and scripting languages (e.g., Python, Bash, Go, Bash). Experience working in an agile environment leveraging the SAFe framework Excellent problem-solving skills and the ability to work in a fast-paced, collaborative environment. Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.

Preferred Qualifications:

Relevant certifications such as CISSP, CISM, CEH, or AWS Certified Security - Specialty. Experience with microservices architecture and API security. Strong understanding and working experience with enterprise applications, containerized application workloads Strong understanding of networking concepts Knowledge of network security principles and technologies (e.g., Firewalls, VPNs, IDS/IPS).