Full Time
22 days ago
About Goatpath

Goatpath is SoftwareONE’s software team that builds platforms and products to automate and govern customers’ software and cloud investments through intuitive products they love to use. We are humble, nimble, focused, always ready to do what’s right, not afraid to take the toughest and unmarked path – this is what Goatpath stands for. Within Goatpath there are currently four product groups: Marketplace, Cloud, Digital and Insights. The Marketplace team aims to be at the top of software, while Cloud seeks to build the most simple and intelligent cloud management platform. Insights will allow customers to benchmark their maturity in the space of spend and technology, while Digital will revolutionize how customers will interact with SoftwareONE. All products are built on a shared platform.

As part of our team, you will be supporting teams and projects by delivering product security and technical support to help our DevOps and engineering team to improve their security posture and respond to the dynamic nature of cyber security threats. You will provide cloud security domain expertise and utilise your business insight to work closely with our teams to advise, design, build and deploy pragmatic security solutions that will provide real and tangible benefits to protect our organisations. You will have a good understanding of the risks that businesses face and how to use the Microsoft Ecosystem to design solutions to mitigate these risks and ensure compliance.

As a DevSecOps Engineer, you will be defending information, critical infrastructure applications and critical business processes against cyber threats. You will take on complex problems in project work while supporting new business initiatives and solutions. You will work alongside leadership and have opportunities to work with colleagues across our business.
Types of activities for this role include the following:

· Working directly with our security, product, and engineering teams to implement CI/CD and security best practices across our multi-cloud infrastructure and applications, in a collaborative and automated manner.
· Securing our Software Development Life-Cycle supporting technologies by participating in and improving security-related phases of the cycle.
· Continually research, communicate, promote and implement improvements in automation and security technologies and practices, deployments and monitoring throughout the organization.
· Lead the development, evaluation and implementation of static application security testing, libraries, secure container, Infrastructure as code, orchestration, vulnerability management process, tools integration and automation.
· Research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies.
· Responsible for the use and operational maintenance of application security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.
You will have some or all of the following skills and experience:

· Experience with cloud environments and security systems (preferably Azure and AWS), with knowledge of the secure software development life cycle (SSDLC), CI/CD pipelines, and securing containerized environments (Docker, Kubernetes); DevSecOps and SSDLC process automation is desired
· Hands-on experience in application secure source code review, software composition analysis, and open-source and artefact vulnerability management
· Prior experience in writing code using one or more languages: Java, .NET, Groovy, Python and PowerShell is desired, along with implementing security measures as Infrastructure as Code (Terraform)
· Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
· Familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, Schrems II, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000
· Hold certifications in one or more of the following: CCSP or CISSP or OSCP, CompTIA Security+, Microsoft Azure Certifications AZ-103, AZ-300, AZ-301, AZ-500, AZ-900