
Senior Specialist - IT Security (Dev Sec Ops)

Company:
National African-American Insurance Association (
Location:
Vancouver, BC, Canada
Pay:
126000.000 - 176000.000
Posted:
May 14, 2026

Description:

DevSecOps & Secure-SDLC Engineer

What can you expect?

Lead initiatives related to DevSecOps and Secure SDLC.

Enhance the company's Secure Software Development Lifecycle (Secure SDLC) to reflect the Application Development Security Policy.

Select and standardize application security tools, including vendor/tool assessments and full POCs.

Integrate Secure SDLC requirements and other security policy/requirements into the DevSecOps processes.

Define and enhance application security requirements and standards designed for agile development methods leveraging traditional, cloud, and container architectures.

We will count on you to:

Advise the application security leadership on best practices and standards around application security tools with a main focus on shift left, create predictable CI/CD pipeline processes, and enable application teams to develop new capabilities securely and free from security defects by design.

Assess security tools and related processes currently used within various Software Development Life Cycle processes to identify improvement opportunities and rationalize the tool set.

Select new application security tools, including vendor/tool assessments, and conduct full POCs to prove that the solutions/products are fit for purpose and fit for use.

Draft documentation for the Secure SDLC and DevSecOps to illustrate the frameworks and process guidelines to internal customers, ensuring the style is palatable and easy to navigate.

Assess the impact of new publications from the security industry (e.g., NIST 800 XXX, ISO 2700X:2022, etc.) on the company's AppSec programs.

Research new trends and advise the application security leadership on the impact of the new trends as they relate to currently used tools, tool chain roadmap, and the efficiency and effectiveness of current processes.

Promote secure coding standards and all related processes.

Promote the priorities set forth by the Global Information Security function and the roadmap set forth by Global Application Security.

Automate and integrate security scan and analysis tools into the DevSecOps pipeline.

What you need to have:

5+ years of DevSecOps and Secure SDLC work experience.

Certifications such as CISSP, CSSLP, cloud security, DevSecOps automation, or similar are required.

Post-secondary education or equivalent experience as a DevSecOps Engineer.

Develop, enhance, and implement the Secure SDLC framework.

Design, implement, and roll out DevSecOps automations and tool chains.

Implement sensors to collect data on key metrics for statistics and reporting.

Serve as the subject matter expert in Secure SDLC and DevSecOps.

Advise on processes and standards designed to implement a company's Application Development Security Policy.

Experience in designing Secure SDLC processes and relevant tooling to support the processes.

Experience with software/application analysis tools like SAST, DAST, SCA, threat modeling, supply chain security, etc.

Technical hands-on experience in automating and integrating security scan and analysis tools into the DevSecOps pipeline.

Experience in one or more programming languages.

Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE).

What makes you stand out:

Identify application security requirements and brainstorm solutions factoring in industry best practices.

Assess the tooling and remediation of threats and vulnerabilities within our software/applications and the hosting environment.

Marsh is committed to embracing a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law. In accordance with the Accessibility for Ontarians with Disabilities Act, 2005, Marsh will provide a reasonable accommodation to employees and prospective employees to the point of undue hardship upon request and as required in respect of the individual's particular restrictions and limitations. If you require a specific accommodation because of a disability or medical need, please contact .

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person.

The applicable base salary range for this role is $126,000 to $176,000.

The base pay offered will be determined on factors such as experience, skills, training, location, certifications, education, and any applicable minimum wage requirements. Decisions will be determined on a case-by-case basis. In addition to the base salary, this position may be eligible for performance-based incentives.

We are excited to offer a competitive total rewards package which includes health and welfare benefits, tuition assistance, retirement programs as well as employee assistance programs.
