HP Cloud Infrastructure and Automation DevSecOps is an engineering organization specializing in providing a variety of operations support for our partners, including deployment support through all SDLC environments, on-call L2 Production Support/Escalation Management, system/application monitoring, etc. It’s our job to ensure that the various web/cloud-based services that we support are monitored effectively, SLA targets are met consistently, and all production-related outages, degradations, etc., are managed as efficiently and effectively as possible.
We’re hiring a DevSecOps engineer at our Vancouver, WA (or alternatively Corvallis, OR) sites. We have an opening for a full-time expert-level engineer.
As a DevSecOps engineer you will work in a fast paced (Agile) environment supporting multiple projects. You will be working closely with both Development and DevOps engineers in a pairing environment (both local and remote) to help get code released on time and support various facets of the overall release process. You will also be responsible for improving the tools, writing stories, resolving bugs, monitoring and maintaining the test and production environments.
As DevSecOps engineer, you will provide security and compliance training and consultation to Developer and other DevOps teams, and ensure teams are compliant with HP’s security requirements (eg, code scanning, security reviews, penetration testing). This includes active focus on our security development lifecycle/maturity model, advising on risk management/mitigation, and providing guidance on security-related remediation tasks. You will also work closely with HP Global Cyber Security.
You should have the following skills/experience:
- AWS security (IAM roles, policies, security groups, etc.)
- OS security (patching, configuration mgmt., etc.)
- Web application security (OWASP Top 10)
- Experience with SAST/DAST tools (Veracode, Fortify, GitHub Code scanning, etc.)
- Deep Development knowledge and concrete experience, along with strong understanding of the overall Developer perspective
- Working knowledge of Infrastructure as code (eg, Terraform, Terragrunt)
- Solid DevOps experience with a security-focus (eg, Blue Team experience, well informed in cloud security)
- Windows and Linux Sys Admin experience (3+ years) - Strong Windows experience is a must
- Scripting experience in one or more of the following languages: PowerShell and Batch are musts (also desired experience in some of these additional areas: shell, Python, Perl, Php, etc.)
- PKI, SSL Certificate management (and certificate chaining) – OpenSSL, IIS
- Web hosting experience using Apache, Tomcat, and IIS
- AWS experience (EC2, RDS, IAM)
- Knowledge of PSExec
- Strong Troubleshooting & Communication skills
- Excellent written & oral communication skills
- Ability to work both independently and strong collaboration within teams
- Strong coding methodologies & best practices
- BS degree in CS/Math/Engineering with a focus in Security or Software Security Engineering