DevSecOps Assurance Specialist

Iron Systems is an innovative, customer-focused provider of custom-built computing infrastructure platforms such as network servers, storage, OEM/ODM appliances & embedded systems. For more than 15 years, customer have trusted us for our innovative problem solving combined with holistic design, engineering, manufacturing, logistic and global support services.

Job Title: DevSecOps Assurance Specialist

Location: Dallas, TX(Hybrid- 3 days a week, must be onsite on day 1)

Responsibilities:

• Provide technical security risk oversight of DSO Assurance processes
• Review and approval of security vulnerability acceptance requests
• Ensure adherence to security requirements and vulnerablity remediation SLAs
• Active participation in recurring security and vulnerability oversight meetings
• Assist with daily DevSecOps Security Assurance operational and enforcement processes for our current suite of security automation tools.
• Provide support to IT teams for enhancing security and protection controls in relation to security automation, CI/CD, DevSecOps, and vulnerability remediation.
• Participate in DevSecOps Security Assurance projects and initiatives as assignedQualifications:
• Extensive experience working with widely used security automation technologies such as:
• Static Application Security Testing (SAST)
• Software Composition Analysis (SCA)
• Open Source software vulnerabilities
• Dynamic Application Security Testing (DAST)
• Interactive Application Security Testing (IAST)
• Container and image security scanning
• API security scanning
• Practical experience analyzing vulnerability data to understand and communicate risks, concerns and outcomes of decisions
• Experience with CI/CD pipeline tools and technologies such as Bamboo, Jenkins, GitHub, GitHub Actions, Artifactory, Nexus, Docker, Kubernetes, Ansible, or Terraform, and Atlassian Suite (Jira, Confluence, Bitbucket)
• Working knowledge of OWASP Top 10, SANS Top 25, NIST/NVD (National Vulnerability Database), CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), technical security vulnerability remediation/mitigation, and security risk oversight
• Strong, demonstrated analysis and problem-solving, communication, interpersonal skills
• Professional security certification in good standing such as ISC2 CISSP, ISC2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Security Essentials Certification (GSEC), or CompTIA Security+
• Recent software engineering experience is a plus
• Experience with scripting languages such as PowerShell, Python, Bash, or Postman is a plus