Devsecops Automation Engineer Jobs

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Verizon Cyber Security (VCS) organization securely enables the business by protecting assets and information across Verizon networks, infrastructure and applications. VCS integrates cybersecurity governance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

The Platform Security team within Verizon’s Cyber Security (VCS) organization works to embed security seamlessly into the development and operations lifecycle of technology systems and services.

We are looking for an experienced DevOps Automation Engineer to work collaboratively and creatively in the Security Scanning Center of Excellence Automation team to help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes and tools. You will also build automation/ infrastructure as code to enforce cloud infrastructure security. You will automate security processes into CI/CD pipeline. You will automate integrating security scan reports into dashboards. You will evaluate application security tools and be a subject matter expert for API Security, Open-Source Software Security, and Build Environment Security.

• Staying up-to-date on new security tools & techniques, and act as driver of innovation and process maturity.
• Working with teams to bring continuous improvement to DevSecOps processes and tools.
• Developing automation solutions for scans reporting and dashboard integrations.
• Developing and promoting best practices for DevSecOps and secure CI/CD.
• Deep diving into issues concerning Application Security and develop recommendations and solutions with enterprise focus.
• Contributing to inner source model for secure pipeline scripts.
• Collecting security-related metrics and increasing security visibility across the organization.
• Conducting research and evaluating Application Security Scanning tools, platforms, and processes for Cyber Security initiatives. As a subject matter expert, guide the development teams to improve security posture (API Security, Open Source Software Security, Build Environment Security etc.)
• Deploying and managing security tools to cloud infrastructure platforms such as Google Cloud or AWS, through automation using infrastructure-as-code principles.
• Building and maintaining DevSecOps pipelines to adopt shift-left paradigm for security testing (SAST, DAST, MAST, SCA, Container Scanning, API Security, Build Environment Security etc.).

Where you'll be working...

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

What we’re looking for...

You'll need to have:

• Experience with hands-on software development or scripting with at least one of these programming languages - Java, Node JS, or Python.
• Four or more years of relevant work experience.
• Bachelor’s degree or four or more years of work experience.
• Experience in at least one of these focus areas - API Security, Open Source Software Security, Build Environment Security, SAST, DAST, Container Security, Cloud Security.
• Experience with AWS services and managing the configurations using IaC.
• Experience with CI/CD tools such as GitLab, Jenkins, Nexus, and Artifactory.

Even better if you have one or more of the following:

• Three or more years of SRE and/or DevOps experience.
• Experience with API, OSS and platform integration.
• Experience in Information Security, Networking or Security Risk Management.
• Knowledge of Agile & DevOps methodologies.
• Experience with software security, secure coding, or software assurance tools and techniques.
• Experience with tools and technologies used throughout secure SDLC (e.g. Fortify, Checkmarx, Veracode, WhiteSource, Blackduck, 42Crunch, Sysdig, ZAP, NowSecure).
• Proven track record of security solution development and contributing to the cloud platforms such as (AWS, GCE, Azure) using Infrastructure as code techniques.
• Experience with Linux Containers (Docker), Kubernetes, and deployment of containerized applications/microservices architectures.
• A degree in Computer Science, Computer Engineering or a related field.
• Demonstrated skill with at least one or more configuration management/scripting technologies such as Ansible, Groovy, AWS, Terraform or Cloud Formation.
• Experience with ISO 27001-2, NIST 800-53, or other controls standards.
• Ability to multitask, take direction, prioritize, and manage multiple activities / tasks to achieve objectives.
• Documentation and organization skills.
• Experience as a full stack developer, with hands-on experience in DevSecOps practices.
• Certifications: One or more of the following CISSP, CISM, CRISC, GSEC.
• Oral, written, and interpersonal skills. Ability to present and communicate to both superiors and peers.
• Experience in software development.
• Experience with Cloud Security (AWS, GCS, Azure).

If Verizon and this role sound like a fit for you, we encourage you to apply even if you don’t meet every “even better” qualification listed above.

22CyberAPP 22CyberOPS

In this hybrid role, you'll have a defined work location that includes work from home and assigned office days set by your manager.

Scheduled Weekly Hours

40

Equal Employment Opportunity

We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.