DevSecOps Engineer

Job Title: DevSecOps (AWS Security) Engineer

Responsibilities:

• Implement and optimize security controls for AWS cloud infrastructure.
• Monitor and review application and infrastructure security posture, initiating remediation efforts with relevant teams.
• Recommend new or revised security measures and countermeasures for current security challenges.
• Integrate DAST and SAST tools seamlessly into CI/CD pipelines.
• Collaborate with DevOps and Platform teams to ensure security considerations are embedded from the outset.
• Automate security testing (e.g., vulnerability scanning, static code analysis) within the deployment pipeline.
• Identify, create, and implement security standards for CI/CD pipelines and infrastructure deployment automations.
• Oversee the implementation and administration of logging and monitoring services to safeguard the security and integrity of applications.
• Create and maintain system documentation, architecture diagrams, and online collaborative documentation (e.g., Wiki) with high quality.
• Support software engineers in following the software delivery lifecycle and secure development practices.
• Assume a leadership role in knowledge transfer and skill development for team members.

Requirements:

• 5 years of demonstrable experience with AWS cloud security infrastructure and tools.
• Experience with three or more of the following AWS services: GuardDuty, CloudTrail, CloudWatch, Inspector, SecurityHub, TrustedAdvisor, Config, ControlTower / GuardRails.
• Experience using organizational cloud governance constructs (e.g., AWS Organizations including OUs and SCPs).
• Strong understanding and experience with IAM, including roles and policies.
• Strong understanding and experience with cloud access control & security mechanisms (e.g., ACL, Security Groups, VPCs).
• Strong knowledge of application development, systems engineering, and network engineering to develop security requirements and best practices, enterprise risk assessment methodologies.
• Experience with CI/CD pipeline tooling (Artifactory/ECR, GitHub Actions).
• Experience with tools such as CloudWatch, Config, Control Tower, Inspector, and Wiz.
• Ability to show initiative and translate business requirements and needs into technical, secure solutions.
• Excellent communication skills with the ability to communicate complex security concepts clearly and concisely.
• Experience mentoring other engineers.
  

About Korn Ferry

Korn Ferry unleashes potential in people, teams, and organizations. We work with our clients to design optimal organization structures, roles, and responsibilities. We help them hire the right people and advise them on how to reward and motivate their workforce while developing professionals as they navigate and advance their careers. To learn more, please visit Korn Ferry at www.Kornferry.com