Position Overview: As a Security Team DevSecOps Engineer at Colonial Pipeline Company, you will play a crucial role in safeguarding our cloud environments hosted on Google Cloud Platform (GCP). You will work closely with our experienced security team to ensure the confidentiality, integrity, and availability of our clients' data and applications.
Qualifications:
Assist in compliance efforts by implementing security policies and procedures.
Stay up-to-date with the latest security threats and trends, and recommend security enhancements.
Assist vulnerability management team to identify and remediate security vulnerabilities.
Collaborate with cross-functional teams to assess security requirements and provide guidance on secure cloud architecture.
Monitor and analyze security alerts and incidents, taking proactive measures to mitigate risks.
Coordinate with architecture function in the design and implementation of security controls and best practices for GCP environments.
Assist in reporting, explaining, and integrating of remediations around vulnerability from static, dynamic, and real-time code scanning.
Terraform Coding of current and future state security tooling configurations for all or partial security stack implementations.
Design and Implementation of Company Policies into CI/CD Pipelines for enforcing policy requirements based off infrastructure as code (IaC) planning.
Relevant certifications such as Google Professional Cloud Security Engineer, CompTIA Security+, or Certified Information Systems Security Professional (CISSP) are a plus but not required.
Experience with code scanning tooling and their supplemental application in cloud environments.
Experience with Open Policy Agent Rego creation and addition to CI/CD TF planning, templating, and branching strategizes.
At a minimum, 4 years of experience in a DevSecOps environment.
At a minimum, 4 years of experience with HCL, JSON, and Python.
At a minimum, 4 years of active terraform coding experience at the base template/plan level.
Ability to work in a flexible and rapid manner to support Agile security development lifecycles.
Excellent communication and teamwork abilities.
Strong problem-solving skills and attention to detail.
Familiarity with security best practices, including encryption, access control, and identity management.
Basic understanding of cloud computing concepts, preferably with experience in Google Cloud Platform (GCP).
Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience).