Passer au contenu principal

DevSecOps Specialist

Security

Job Summary :

Equifax is looking for a DevSecOps Specialist for Equifax Workforce Solutions.  In this Information Security Office role, partnering with our Technology Teams, you will ensure that the proper security controls are built into every phase of the product development process, that these controls are effective, and that the Security and Technology teams increase in efficiency, scale, and maturity together over time.  This person must be able to work from our Saint Louis, MO Office location.

   

What you'll Do :  

  • Engage directly with our development teams, guiding their technical leaders in performing security responsibilities, growing their proficiency, and validating their work.  

  • Responsible for security focused implementations and improving the security profile of your given area of responsibility.

  • Function as our expert in evaluating risk and determining remediation strategies for security issues occurring in software, middleware, libraries, and other third-party dependencies.

  • Guide and evaluate development teams on proactive security practices, including but not limited to threat modeling, security analysis of use cases, and the motivations, tools, techniques, and processes of various types of adversaries

  • Lead periodic assessment of Engineering’s SSDLC competency, directly drive improvements therein, and report out to technology and security leaders .

  • Review static and dynamic code analysis tools

  • Guide teams on effective use and response to findings in the  code scanning tools.

  • Share defensive programming techniques, the OWASP Top 10, and other common software security patterns and anti-patterns with engineering teams. 

  • Engage directly with the teams on how to close software security findings (Fortify, pen tests) and implement practices that can help them avoid future findings.

  • Assist security colleagues in evaluating the business and security risk of software security vulnerabilities.

  • Suggest practical, effective, and scalable mitigation strategies for short and long term situations.

  • Create a vibrant, motivated, passionate community of senior developers, Security Champions who will be responsible for driving mature security practices among the developers and other staff in their Squads

  • Establish and grow intellectual curiosity for software security in the organization, and help management to establish effective incentives which result in more secure products and code.

  • Build relationships with senior technology leaders, seeking their feedback, building a software security program that integrates well into their established tools, workflows, and practices, realizing that the most successful change efforts empathize with the communities they affect.

  • Integrate flawlessly with the Equifax corporate product security team, who is responsible for the global software security and SSLDC programs. 

  • Consuming their products and processes, advancing the adoption of their standards into Workforce Solutions. 

What You’ll Need:

  • At least 8 years experience as a software developer and development operations, building and shipping code ( Full stack Java, C#,CI/CD, Automation)

  • 3+ yrs  of  experience in applying software security practices throughout the development lifecycle. 

  • 2+ yrs of experience in cloud-native environments.

  • 1 yr of experience working in an Agile environment

 

What can set you Apart :

  • Bachelor of Science in Computer Science, Computer Engineering, Electrical Engineering, or a related field preferred.

  • Experience in construction and delivery of solutions on the Google Cloud Platform, Azure or AWS .

  • Previous experience directly configuring and operating security controls such as WAF, SAST, DAST, API protection, authentication gateway, certificate management, etc.

  • Information security experience with a particular emphasis on application security. How to assess vulnerabilities in software, how to determine risk, how to mitigate and remediate various software vulnerabilities.

  • Engineering experience in secure development practices, such as threat modeling, development of use and abuse cases, key patterns and anti-patterns that drive secure software, successful habits, common mistakes, etc.

We offer comprehensive compensation and healthcare packages, 401k matching, paid time off, and organizational growth potential through our online learning platform with guided career tracks.

 

If this sounds like somewhere you want to work, don’t delay, apply today - we’re looking for you!

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Travailler chez Equifax 

Nous croyons en une mentalité de croissance. Chez Equifax, cela comprend offrir à nos employés des occasions de donner le meilleur d’eux-mêmes et d’acquérir de nouvelles compétences en cours de route pour inspirer et bâtir des carrières épanouissantes.

 

Laptopv2

Joignez-vous à notre communauté de talents

En savoir plus sur les possibilités de carrière et les événements à venir chez Equifax

S’inscrire