Must-have skills: DevOPs, DevSecOPs roles, Cloud Service Providers (AWS, DevOps tools such as Git OR Jenkins OR Ansible OR Terraform), Infrastructure as Code (Terraform, Java OR Java Spring Boot OR Python OR C/C, APIs to query RESTful services, Python, Go, or Bash, Kubernetes, Docker, and Rancher, CI/CD, GitLab, SAST, DAST, IAST, MAST; Linux, Hashicorp.
Requirements:
Availability to work at the Client's site in Miami, FL (required);
Experience within DevOPs, DevSecOPs roles (5+ years);
Experience with Cloud Service Providers (AWS heavily preferred) (5+ years);
Experience with DevOps tools such as Git, Jenkins, Ansible, and Terraform
Experience with Infrastructure as Code (Terraform preferred) (2-3 years);
Experience with DevOps and Agile methodologies;
Experience using APIs to query RESTful services and integrate third party services;
Programming experience using one or more of the following: Java, Java Spring Boot, Python, or C/C++;
Experience with security automation and scripting with languages like Python, Go, or Bash;
Experience with container technologies like Kubernetes, Docker, and Rancher;
Experience with security automation, security log review and analysis, threat analysis tools;
Experience with CI/CD - Deployment pipelines, and automated build and configuration tools such as GitLab, Jenkins, Ansible, and Terraform;
Experience with DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, security remediation and security monitoring/incident response enablement;
Experience in Linux operating systems;
Experience with cloud security controls involving tenant isolation, encryption at rest, encryption in transit, and secrets management (Hashicorp preferred).
Responsibilities:
Design, implement and maintain secure, reusable DevOps pipelines for brand development teams, that align with Carnival global application security standards.
Develop and maintain infrastructure as code (IaC) templates for cloud environments such as AWS, Azure, and Google Cloud Platform.
Work with development teams to ensure that security is built into the SDLC and that all code is secure by design.
Monitor and investigate security incidents and vulnerabilities in the infrastructure and take corrective actions.
Continuously assess and improve the security posture of the brand and contribute improvements back to the global organization.
Program, engineer, implement, and administer IT Security technical control and tools to assess vulnerabilities, mis-configurations and incidents.
Develop and maintain relationships with 3rd party vendors responsible for providing technology services, tools, and consulting.
Perform security reviews of deployments to ensure they meet relevant policies, standards, and guidelines.
Partner with different brand IT resources to automate and enhance security logging and integrate with managed SIEM provider.
Create and distribute security reports to required business and IT units, including vulnerability reports for tracking of remediation.
Respond to escalations and other priorities as required, may require afterhours engagement as needed.
Other projects and duties as assigned (e.g., assisting global application security pillar on pattern and capability design and buildout)
•
Last updated on Jun 9, 2023