JOIN OUR WINNING TEAM AS ASENIOR DEV OPS SECURITY ANALYST
AT CARFAX WE ARE CONSTANTLY EXPANDING OUR PRODUCT AND TECHNOLOGY OFFERINGS!This means we are continually bringing new, innovative products to market through exciting technology initiatives to help our customers. Come join the success in Biz Tech. As a Senior Dev Ops Security Analyst, you will be responsible for guiding technical teams in building secure products in a DevOps model. The position is targeted to enable better security as part of the software development lifecycle through simple and automated tools that are easily integrated into a developer's workflow. See if you have what it takes to join Team CARFAX!
THE TECH CULTURE AT CARFAX
Having a creative and innovative environment where our techies can collaborate, learn and grow is something CARFAX is passionate about. We have an entire floor dedicated to our techies, designed specifically to enable teams to dream big and produce the best. Along with creating and maintaining awesome software you ll also be able to participate in our quarterly Hack-a-thon s or take a break by kicking back and playing the latest game on x-box when you need to re-boot the mind. Oh, and do you happen to have a dog? CARFAX is dog-friendly and no day goes by where you don t have the chance to visit with one of the visiting pups. We even provide the dog beds, bowls and of course, toys!
AS A SENIOR DEV OPS SECURITY ANALYST, YOU WILL:
Technical point of contact for product teams as it relates to automation, CI/CD, and
DevSecOps
Build tools and automation scripts that enable CARFAX developers to easily consume security services
Improve the accessibility of security through automation, continuous integration pipelines, and other means
Evaluate and recommend products and services across the corporate security technology stack
Research and advises on secure Cloud architecture designs to best practice
Work with teams to identify threats and vulnerabilities by performing threat assessments
Develop technical assessments for new technologies, 3rd party integration initiatives and provide technical support to facilitate compliance with security policies
Develop hardened operating baselines utilizing industry standards and best practice
Develop secure coding guidelines for personnel and provide security awareness and technical training as required
Perform and/or analyze vulnerability scans and penetration tests to direct other parties in properly mitigating vulnerabilities
Security incident response technical lead, performs forensic investigations to determine root causes and determine appropriate security response actions
QUALIFICATIONS:
Bachelor's degree in computer science/related technical field or equivalent experience
6+ years of experience developing secure software products using TDD/Agile/XP/Lean methods
Background in developing and release of software products in cloud, ecommerce and mobile environments
Experience in various development tools, such as Jenkins, GitHub
Comfortable with scripting languages, such as Python, Perl, PowerShell or others
Familiar with common
APPLICATION STACK
technologies (e.g., HTTP, HTML5, AJAX, REST, JSON, etc.) and
PLATFORMS
(e.g., AWS, ReactJS, AngularJS, JAVA, Spring Boot, MySQL, MongoDB, Hadoop, iOS, Android, etc.)
Familiar with containers and container management platforms including Kubernetes
Working knowledge of core
CRYPTOGRAPHY
concepts (Encryption, Key Storage, Hashing, Crypto Libraries, etc.) and how they are applied and attacked in applications
Hands-on experience with port and network scanners (Nessus, Nexpose, Nmap)
Experience with web application scanners (Netsparker) and SAST/DAST testing platforms including Veracode
Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies (Cisco ASA Firepower, F5 ASM, Sourcefire, Okta, etc.)
Experience working with logging, alerting and file integrity monitoring tools
Deep knowledge of common application vulnerabilities, current threat vectors and mitigations.
Knowledge of IP protocols, networks, security architectures and security threats in an IP network
Familiarity with IT security standards, compliance regulations and best practice frameworks (ISO 27001, ISO 27002, NIST, OWASP, SANS, SOX, ITIL, PCI DSS)
Any of these preferred security certifications (CISSP, CSSLP, CEH, GSSP, GWEB)
ABOUT CARFAX
CARFAX, a unit of IHS Markit (Nasdaq: INFO), helps millions of people every day confidently shop, buy, own and sell used cars with innovative solutions powered by Carfax vehicle history information. The expert in vehicle history since 1984, Carfax provides exclusive services likeCarfax Used Car Listings,MyCARFAX,Carfax History-Based Valueand the flagship Carfax Vehicle History Report to consumers and the automotive industry. Carfax owns the world's largest vehicle history database and is a nationally recognized top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Own, Sell Show me the Carfax. Based inLondon, IHS Markit is a world leader in critical information, analytics and solutions.
#J-18808-Ljbffr
Privacy Policy Contact US
Copyright © 2023 Employ America All rights reserved.