Search by job, company or skills

Deltek

Senior Principal DevSecOps Engineer

Early Applicant
  • 4 months ago
  • Be among the first 50 applicants

Job Description

Company Summary

As the recognized global standard for project-based businesses, Deltek delivers software and information solutions to help organizations achieve their purpose. Our market leadership stems from the work of our diverse employees who are united by a passion for learning, growing, and making a difference.

At Deltek, we take immense pride in creating a balanced, values-driven environment, where every employee feels included and empowered to do their best work. Our employees put our core values into action daily, creating a one-of-a-kind culture that has been recognized globally. Thanks to our incredible team, Deltek has been named one of America's Best Midsize Employers by Forbes, a Best Place to Work by Glassdoor, a Top Workplace by The Washington Post, and a Best Place to Work in Asia by the World HRD Congress.

Please check www.deltek.com for more information.

Position Responsibilities

POSITION SUMMARY:

Deltek is seeking an energetic and driven person to join our Product Security Team. The team member will be focused on DevSecOps, specifically guiding SaaS product security throughout the entire lifecycle, including design, development, deployment, and operations. They'll work closely with Deltek product and engineering teams to implement security at scale using a risk-based approach.

The ideal candidate will act as the security champion for a new SaaS offering and have expertise in reviewing the security of web, desktop, and/or mobile applications. They must be capable of running and interpreting reports from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST) tools. The candidate should have knowledge of cloud-first, serverless, and micro-service application architecture and relevant security concerns. The ability to read and understand application code is a big plus. They should be able to work and communicate security information with engineering, product management, and senior leadership in an effective manner.

Knowledge of DevOps, Application Security, and Cloud Security is required to be successful in this role.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Ability to work with the Solution and Security architects to contribute to the design and incorporate the operational requirements within the design process.
  • Manage and monitor security throughout the product lifecycle from development to operations with a DevSecOps mindset.
  • Application Security - Collaborate with development and engineering to ensure security steps are performed, findings are analyzed, and remediation performed during the Software Development Lifecycle (SDLC). This includes:
    • Threat Modelling
    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • Dynamic Application Security Testing (DAST)
    • Mobile Application Security Testing (MAST)
  • Cloud Security Ensure cloud security processes are completed and findings are remediated before deployment to production. These include:
    • Infrastructure as Code (IaC), Orchestration, and Automation Security
    • Cloud Security Posture Management (CNAPP, CSPM)
    • Container, and Host Security (CNAPP, CWPP, VMDR)
    • Endpoint Protection (EPP)
    • Network Security and Edge Security
  • Compliance - Maintain compliance with internal policy, industry standards, and regulations including FedRAMP, NIST 800-171, and CMMC.
    • Data Encryption
    • Logging and Monitoring
    • OS Patching and Vulnerability Remediation
    • CIS Benchmarks and DISA STIGs
  • Identify false positives or misconfigurations that can improve tool outputs.
  • Lead remediation and continuous improvement across the product security posture with effective countermeasures and targeted mitigations.
  • Develop clear risk insight from analysis of application security findings.
  • Ability to perform work after normal business hours.
  • Keep up to date with application security trends.
  • Operating vulnerability management processes, suggesting applicable change controls, and security exceptions.

Qualifications

ESSENTIAL KNOWLEDGE & SKILLS:

Desired Education & Experience:

  • Bachelor's Degree in a related field (Computer Science, Cybersecurity, etc.) or equivalent training and experience.
  • Security certification(s) CompTIA, CSSLP, GIAC, ISC2, etc.
  • 7+ years experience in cloud security, application security, DevSecOps, or related areas.

Technical Knowledge and Skill


  • Strong knowledge of security and best practices.
  • Experience with Secure SDLC tools including SAST, SCA, MAST, and DAST.
  • Experience with security for SaaS/Cloud-delivered products including vulnerability management, cloud security, container security, and DevSecOps.
  • Experience with CI/CD pipelines and automation tools such as Terraform, Jenkins, and others
  • Skill with one or more programming or scripting languages (e.g., Java, VB, C#, C++, Ruby, bash, PHP, Python, PowerShell, etc).
  • Experience with security automation.
  • Experience with vulnerability management processes.
  • Credibility and high professionalism.
  • Strong analytical and creative problem-solving skills.
  • Strong verbal, written, and presentation skills; collaborative, innovative, and curious.
  • Attention to detail and follow through on tasks.
  • The position will work closely with Deltek staff in the Philippines, India, US, and EU.

The above statements are intended to describe the general nature and level of expected work for this position. This is not intended to be an exhaustive list of all the responsibilities, duties, and skills required. The duties may be changed, and other duties may be assigned.

Travel Requirements

No

Applicant Privacy Notice

Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (Personal Data) to administer and evaluate your application. We are the controller of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice . Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.

More Info

Industry:Other

Function:Technology

Job Type:Permanent Job

Skills Required

Login to check your skill match score

Login

Date Posted: 01/07/2024

Job ID: 83624349

Report Job

About Company

Follow

Hi , want to stand out? Get your resume crafted by experts.

Similar Jobs

Senior Cloud DevSecOps Engineer

NXP Semiconductors India Private LimitedCompany Name Confidential

Senior Associate DevSecOps Engineer Consumer Banking Group Technology

DBS BankCompany Name Confidential
Last Updated: 25-11-2024 06:39:20 PM
Home Jobs in India Senior Principal DevSecOps Engineer