PwC - DevSecOps Engineer
PwC
Luxembourg
il y a 6j
source : ictjob.lu

Context To really stand out and make us ?t for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades / levels and in all lines of service.

As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution.

PwC is looking for a DevSecOps specialist to strengthen the capability of its DevSecOps practice. In this role, you will act as a DevSecOps subject matter expert (SME) and deliver security-focused engagements with Development, Infrastructure and Information Security teams.

You will help our IT teams to embed leading application and software security practices into the DevOps processes, as well as to develop the PwC DevSecOps methodology.

The ideal candidate will be experienced in DevSecOps practices, Native Cloud, software engineering and have demonstrable experience of working with IT teams.

  • The ability to communicate application & software security matters to business and IT leaders is a key value. If you want to extend and develop you DevSecOps knowledge and to establish yourself as a leader in modern application delivery and software security techniques, this role is a unique opportunity! Your mission As a DevSecOps Engineer (m / f), you will : Provide advices on security best practices and guide IT Teams in developing, adopting and enforcing security policies appropriate to our ecosystems;
  • Act as a mentor for our development teams by helping them in the leading application development and security practices implementation;
  • Review and enhance security architectural designs, blue prints and roadmaps; Create, review and implement security design patterns to support application architectures;
  • Create and enhance CI / CD pipelines to include security tools and checks; Drive the development of DevSecOps toolkits, methodologies and accelerators;
  • Determine security requirements, plan, implement and prepare codified security standards, policies, and procedures; Understand current compliance frameworks for cloud providers, as well as future trends;
  • Translate customer business issues / opportunities into technical solution / business requirements; Perform manual security assessments and static code analysis against software source code, Web applications and API's across a variety of technology stacks;
  • Maintain technical IT knowledge and certifications, share this knowledge with the junior team members; Work with colleagues in other services areas and support our cyber security needs.

  • Your profile You have hands-on experience working within a DevOps environment; You have successful experience in helping enterprise deploy important workloads to the cloud or on premise;
  • You have played a pivotal role in building and running the automated test cycle to ensure deployments are secure and compliant;
  • You have experience identifying, assessing and providing remediation options for software, Web application and cloud technology related security risks;
  • You possess a solid understanding of native cloud security tools on one or more of the major cloud platforms; You have knowledge of cloud security principles;
  • You have proven experience in building and securing CI / CD pipelines; You have experience using DevOps tools, such as Azure DevOps / Jenkins, Ansible, GIT, Gradle, Docker, Kubernetes, Puppet, PKS, etc.

  • You have extensive experience with container orchestration; You are experienced with Agile methodologies such as Scrum, Kanban, and Lean;
  • You have extensive experience of security focused Software Composition Analysis, SAST and DAST tools, such as Sonatype, Fortify, Veracode, Contrast, AppScan, etc.

  • and can integrate them into automated pipelines; You have a detailed understanding of security operations and risks; You possess strong knowledge of MicroService architectures' and API based solutions;
  • You have expert familiarity with multiple programming languages and secure coding practices; You hold or are actively pursuing security-related professional certifications like CISSP, CISM or CISA;
  • You are fluent in written and spoken English and French; Cloud security certifications are desirable.

    Postuler
    Mon email
    En cliquant sur « Continuer », je consens au traitement de mes données et à recevoir des alertes email, tel que détaillé dans la Politique de confidentialité de neuvoo. Je peux retirer mon consentement ou me désinscrire à tout moment.
    Continuer
    Formulaire de candidature