Job Details

Senior DevSecOps Engineer Work at Home or Virtual Optional

Company name
Humana Inc.

Location
Ridgeland, MS, United States

Employment Type
Full-Time

Industry
Work At Home, It

Posted on
Jun 26, 2021

Apply for this job






Profile

Description

The Senior DevOps Engineer Enables the automation of software code deployment by eliminating functional silos existing between development and production. The Senior DevOps Engineer work assignments involve moderately complex to complex issues where the analysis of situations or data requires an in-depth evaluation of variable factors.

Responsibilities

In this role you will be on a team of security engineers performing triage, analysis, hunting bugs, driving DevSecOps adoption, delivering on our 'everything is code' approach to product development. Your focus will be shift left DevSecOps opportunities, CI/CD Pipeline scanning, enablement and engineering automation.

We are looking for someone with at least 3 years of application security and or offensive security experience

You are a great fit if the following are true:

You can handle complicated bugs and complex application security issues.

You love developers, teaching, learning, and research.

You have a home lab and constantly learning.

You are passionate about customer experience.

You love breaking and building, can code and hack.

Know the OWASP top 10 and understand defensive coding techniques.

Have experience with Git, Gitflow, SAST, DAST, SCA, IAST tooling.

Architects and Red Teamers don't scare you.

You love open source, community and collaboration.

Have deep experience breaking web applications, APIs, mobile apps and anything that compiles.

Can distill complicated issues and communicate to senior leaders the why it's important and how it works.

You have a strong scripting and automation background (you can write in one or more of the following python, JavaScript/TypeScript or PowerShell) Python preferred.

Azure Devops or Github automation, or similar experience with CI/CD tooling.

Proficiency with managing supporting & deploying Checkmarx, AppScan, Veracode, Rapid7, Fortify or similar tools.

Responsibilities :

Partner with our Security Advocate Community, Compliance and governance, platform teams, DevSecOps and DevOps teams.

Improve and expand application security quality across our entire portfolio of applications.

Mentor others, you love to share and support, serve as expert for escalated analysis.

Contributes to inner source and demonstrates engineering community engagement.

Review and research issues from our Threat Modeling program, tying potential threats to visible defects from security scans

Help developers solve application security defects.

Contribute to and execute on our secure software development strategy for the enterprise.

Improve and expand application security quality across our entire portfolio of applications.

Required:

At least 3 years of experience with Application Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static). Experience with Checkmarx, AppScan, Burp Suite, Contrast, VeraCode, NowSecure, Blackduck, WhiteSource, Fortify or similar tooling.

Strong application security experience across a variety of technologies and languages.

Deep experience in static code analysis and third-party software composition analysis.

Deep experience with BurpSuite and breaking web applications.

Excellent communication skills with the ability to influence others

Analytical and problem solving skills

Strong scripting skills, can quickly find common issues across large code bases or IP ranges.

Contributes to the broader security or open source community.

Must be passionate about contributing to an organization focused on continuously improving consumer experiences

Must be passionate about developer experience, privacy, security, quality and product delivery

Can demonstrate exploitation and break applications with ease, is creative and thinks evil by default.

Preferred :

Prior experience leading an application security program, with 1000 stakeholders and development teams in the portfolio

Prior experience managing, supporting and deploying SAST/DAST and Open Source Analysis programs and tools across an organization

Cloud experience or experience with Docker or similar container platforms.

Working knowledge of Linux and Windows operating systems

Reverse engineering, bug hunting, vulnerability assessment, or exploit development experience.

Strong Experience with one of the following: C#, JavaScript, Java, Python, ruby or similar.

You understand design, delivery, and ownership along with modern SDLC practices.

Knowledge of common information security management frameworks, including but not limited to:

ISO 27001/27002, ITIL, COBIT, NIST, BSIMM.

Professional security certification, such as OSCP, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials a plus but not required.

Experience with Service Now Asset Management is a plus

Scheduled Weekly Hours

40

Company info

Humana Inc.
Website : http://www.humana.com

Similar Jobs:
Description We have an exciting opportunity to join our team and be a part of modernization our Data Ecosystem at Humana from an on prem solution to a cloud solution. As a Senior Software Engineer you will be able to utilize your...
Description The Associate Director, DevSecOps Engineering Enables the automation of software code deployment by eliminating functional silos existing between development and production. The Associate Director, DevOps Engineering ...
Job Information Humana Senior Cloud Engineer (Migration & Modernization) in Ridgeland Mississippi Description In support of Humana's vision to create simple, personalized and reliable experience for our healthcare customers, we ar...
I found a new job! Thanks for your help.
Thomas B - ,
  • All we do is research jobs.
  • Our team of researchers, programmers, and analysts find you jobs from over 1,000 career pages and other sources
  • Our members get more interviews and jobs than people who use "public job boards"
Shoot for the moon. Even if you miss it, you will land among the stars.
InformationTechnologyCrossing - #1 Job Aggregation and Private Job-Opening Research Service — The Most Quality Jobs Anywhere
InformationTechnologyCrossing is the first job consolidation service in the employment industry to seek to include every job that exists in the world.
Copyright © 2024 InformationTechnologyCrossing - All rights reserved. 21 192