Principal DevOps Security Engineer

Company: Disability Solutions
Location: Phoenix
Posted on: February 2, 2025

Job Description:

Job Title:Principal DevOps Security EngineerLocation:Block 23What you'll do:The Principal DevOps Security Engineer is accountable for capability engineering & support for tooling and processes that supports Application Development, Testing, & Build/Deploy (CI/CD) capabilities. As a senior engineer for this domain, this role is responsible for advancing the security capability to develop platforms & services that enable automation, robust testing, & a 'shift left' security mentality as it relates to developing, testing, & deploying application code, as well as infrastructure as code pipelines, that application teams can leverage. This role will collaborate with Enterprise Architecture, Security & the Application Teams to understand needs across the enterprise, as well as evangelize the use of CI/CD pipelines & automation in Software Development Lifecycle processes.This role requires a deep technical understanding in the areas of: DevOps platforms, CI/CD pipelines and integrations, Microsoft Azure DevOps, static/dynamic application security testing, software composition analysis, development frameworks, and configuring and deploying software across multiple environments. Additionally, strong strategic & critical thinking skills as well as communication and collaboration skills are required to develop relationships with multiple delivery teams, business partners, and IT leadership.This position is ONSITE ONLY, and you must be located or willing to relocate to Phoenix, AZ / Dallas, TX / or Columbus, OH.

• Responsible for defining, implementing, & supporting a target state architecture of DevOps platform tooling that supports multiple application teams across multiple development stacks.
• Establish standards and best practices around security scanning automation, vulnerability management, and delivery (containers, PaaS, etc.).
• Guide application teams to integrate automated security scanning into CI/CD pipelines, including but not limited to Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST).
• Troubleshoot and resolve CI/CD pipeline issues from application teams.
• Collaborate with developers to provide guidance on secure coding practices and assist in remediation of security findings.
• Works with security, development architecture and application teams to develop strategy and plan for application and pipeline modernization with a security mindset.
• Collaborate with Security, Risk and Compliance team to create, implement and apply DevSecOps principles, processes and culture that are consumed by application teams.
• Works with Enterprise Architecture, QA, & Security teams to analyze new and emerging trends in DevOps and Development Architecture to ensure standards remain current and relevant.
• Facilitates the evaluation and selection of software product standards and services within the domain of DevOps and Development Architecture.
• Administer cloud-based Azure DevOps Services and security tooling.
• Guide and mentor team members on DevOps best practices and standards.
• Identify bottlenecks and implement solutions to optimize development and deployment processes.What you'll need:
  • 10+ years of related IT experience, with 5+ years in application development with experience building & managing automation using DevOps / DevSecOps platforms & tooling.
  • Bachelor's degree in computer science, information technology, engineering, system analysis or a related study, or equivalent experience.
  • 5+ years administration and support of SAST, DAST, and or SCA security scanning tools (SonarQube, Invicti, GitHub Advanced Security preferred).
  • 5+ years administration and support of Azure DevOps Services including repositories, Pipelines, Artifacts, and work items.
  • Deep understanding and experience in designing & implementing modern continuous integration (CI) and continuous delivery (CD) pipelines that include YAML, security scanning (SAST, DAST, SCA), containerized deployments, and automated testing capabilities (unit tests, regression tests, etc.).
  • Proficiency in Git including branching strategies and pull request best practices.
  • Experience designing & deploying integration applications into public cloud services or iPaaS-based providers (e.g., MuleSoft, Azure, AWS).
  • Knowledge of OWASP Top 10 and the OWASP Testing Guide or other secure coding frameworks (NIST Cyber Security Framework, SAMM, etc.).
  • Demonstrated experience in any of the following technologies: Python, FastAPI, Typescript, Node.js, Angular, React, Java, and .Net.
  • Deep understanding of strategic and new and emerging technology trends, and the practical application of existing, new, and emerging technologies to new and evolving business and operating models.
  • Strong written and verbal communication skills that can develop content for & communicate with Application Development & Infrastructure Engineering teams.
  • The Objective mindset that can think 'enterprise first' and remain unbiased toward any specific technology or vendor choice, with decisions made based on data, analysis, & POC results.
  • Ability to work effectively in a team environment.Preferred:
    • Experience delivering solutions across multiple cloud-based solutions including Azure, and AWS, and deploying to iPaaS solutions such as MuleSoft.
    • Experience in the following tools and technologies: Atlassian Confluence, LucidChart, BurpSuite, Ansible, Terraform, Kubernetes.
    • Experience delivering & operating in the Financial Services industry.
    • Cloud Security Posture Management (CSPM) tooling experience.Benefits you'll love:We offer all the important things you'd want - like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you'll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!About the company:Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC. AmeriHome Mortgage is a Western Alliance Bank company.Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, nation origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email HR@westernalliancebank.com or call 602-386-2488. When contacting us, please provide your contact information and state the nature of your accessibility issue. We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.-- Western Alliance Bancorporation

Keywords: Disability Solutions, Casa Grande , Principal DevOps Security Engineer, Engineering , Phoenix, Arizona