DevSecOps Engineer

The DevSecOps engineer is a senior engineering role to help support, secure, manage and deploy solutions that support Avant's business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, cloud infrastructure, software and various reference architectures. The role also requires an understanding of Avant's business goals, product strategy and operational requirements in a fast-paced environment. The DevSecOps engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, product engineers, cybersecurity engineers and systems administrators. The DevSecOps engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security and privacy by design principles and validation throughout the software lifecycle.
DevSecOps engineers have a strong work ethic, perform analytical and critical thinking, and are masterful at meeting change requests on demand. They are expected to work well with business units and possess superior listening and communication skills, in addition to expected technical expertise. DevSecOps engineers embody security-first principles, constantly assess the threat landscape and adapt quickly to manage enterprise risk, as well as integration, configuration and deployment requirements.
What you do at Avant:

• Build relationships with developers, stakeholders and pod leaders to incorporate security principles into engineering design and deployments.
• Supervise implimentation, testing and validation of application security controls across projects.
• Oversee implementation of defensive configurations and countermeasures across cloud infrastructure and applications.
• Draft and uphold Secure SDLC strategy and practices in tandem with other technical team leads.
• Recommend services and tools to enable developers and engineers to easily use security components produced by application security team members.
• Simplify automation that applies security inter-workings with CI/CD pipelines.
• Support the ability to "shift left" and incorporate security early on and throughout the development lifecycle including threat modeling and developer IDE security features.
• Assist prioritization of vulnerabilities identified in code through automated and manual assessments, and promote quick remediation.
• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
• Join forces and provision security principles in architecture, infrastructure and code.
• Partner with CTOC to regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
• Enrich DevOps architecture with security standards and best practices, promote baseline configuration and work to reduce drift.
• Partner with teams to define key performance indicators (KPIs), key risk indicators (KRIs) and distribute useful program metrics across business units.
• Perform other duties as assigned.

Why you are a fit for Avant:

• At least 7+ years' experience in information technology, information security administration or security operations.
• Experience working with development and infrastructure teams in agile workflows, including Scrum and Kanban.
• Understanding of containerized compute (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes).
• Understanding of CloudFormation, Terraform, Ansible and Jenkins.
• Proficient in securing Windows and *nix operating systems, applications, networking protocols and devices under a baseline requirement framework.
• Experience with operations and security across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous testing and implementation.
• Capable of scripting in Python, Bash or PowerShell.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC) and how to balance the recommendations of each against business priorities.
• Knowledge of Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or Center for Internet Security (CIS) control requirements.

Check out our Avant Blog!
We believe that a diverse set of backgrounds and experiences helps us create the most innovative solutions for our customers. We invite you to apply to our positions even if you do not meet 100% of the qualifications listed in the description. If you're passionate about our mission and aligned to our values, we hope you'll come contribute to our awesome culture.
Why Avant is the place for you:
At Avant, we believe our values make a difference:
Authenticity. We show up to work as our whole selves and make sure others can too.
Collaboration. We can only succeed when we do so as a team.
Problem-Solving. The harder the problem, the more satisfying the solution.
Customer. We are all owners of the customer experience.
Initiative. Plan. Adapt. Get Sh!t Done.
We believe that great ideas come from anyone and anywhere, that everyone is an owner who drives change, and that we have more fun when we work together. We're problem solvers who love collaborating with intelligent and highly-motivated people to reshape the face of digital banking. Avant offers terrific perks and benefits, fun social events with employees who actually like hanging out together, and a flexible growth environment where trying your hand at new projects and being the active owner of your career path is encouraged and supported.
Some of our benefits include:

• Choice of great Medical, Dental, and Vision Insurance Plan options
• 401(k) Match
• Unlimited Paid Time Off
• Flexible Work Environment
• Generous Paid Parental Leave
• Lunch Allowance (Fooda) and In-office Snacks
• WFH Stipends for our Remote Employees
• Access to LinkedIn Learning for Professional Development
• No Meeting Wednesdays - (a.k.a. planned time to Get Sh!t Done)
• Summer Fridays
• Fun In-Office and Virtual Social Events
• And who doesn't love the swag

This position may require you to be fully vaccinated against COVID-19. If required, you'll be asked to provide proof that you're fully vaccinated upon your start date or before working in or visiting our Chicago office. You're considered fully vaccinated two weeks after you receive the second dose of a two-dose vaccine series (e.g., Pfizer or Moderna) or two weeks after a single-dose vaccine (e.g., Johnson & Johnson/Janssen). Failure to provide proof of vaccination may result in termination. Subject to applicable law and requests for accommodation.