DevOps Pen-Testing Security Engineer

We are unable to sponsor for this permanent full-time rolePosition is bonus eligiblePrestigious Financial Institution is currently seeking an DevOps Pen-Testing Security Engineer. Candidate is responsible for driving critical security related projects, managing day to day engineering and assessment tasks, cloud-based initiatives, and DevOps development for security related endeavors. This position is a senior engineering position that requires the ability to complete highly technical tasks as well as provide informational updates to leadership and executive staff.

• Perform cloud assessments, web application penetration testing, mobile application testing, network and operating system assessments
• Perform independent reviews of security, network, applications, and cloud environments
• Plan/Design/Execute security related activities with automation as the primary driver to align with security strategy and vision
• Produce artifacts for various levels of leadership and staff relating to security related activities
• Ensure alignment of security controls as part of Blue Team testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices
• Assist management with the improvement of policy and procedure to support Security Testing and Blue Team activities as well as other security duties which may arise
• Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends
• Continue to support, grow, and assist development current processes and tools

• Requires an in-depth knowledge of security controls and standards in relation to Cloud Security, Architecture, and Security Testing.
• Ability to manage multiple intricate projects with strict deadlines while maintaining best in class work.
• Ability to functionally serve as a primary point of contact across multiple teams within the organization and to lead projects for the entirety of the lifecycle.
• Experience with AWS Services including automation services (Lambda, JSON, etc )
• Experience with DevOps Pipelines and GitHub Repos
• Architectural understanding and expertise of cloud and hybrid cloud infrastructure
• Willingness to train and learn HashiCorp Product line to include Terraform, Sentinel and Hashi Coding Language (HCL) for automated deployment of security tools and services
• Five years Experience with Security Engineering activities and testing.
• Three years of experience with DevOps processes
• Three years experience with AWS architecture and services.

• Certification in at least one or more of the following:
• AWS Certified Solutions Architect
• AWS Certified Security Specialty
• HashiCorp Terraform Associate
• Certification Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• GIAC Cloud Security Essentials (GCLD)
• GIAC Cloud Security Automation (GCSA)
• GIAC Security Essentials (GSEC)
• GIAC Defensible Security Architecture (GDSA)