Senior DevSecOps Engineer 100 Remote

Ourclient leading leader in life sciences and diagnostics is lookingfor Senior DevSecOps Engineer (100% Remote) based out of Santa ClaraCA.

Duration : Long term contract (Possibility of furtherextension)

Weare seeking a highly motivated professional with experience inSecurity and Privacy to join our dynamic team. You will help withthreat modeling application security posture management securityorchestration vulnerability & weakness assessments toimprove the resilience of the organization and its productportfolio.

Responsibilities :

• Developsecurityascode & policyascodepipelines
• Managevulnerabilities (3rd party) and weaknesses (1st party) in Rocheproducts evaluating the criticality for an adequate prioritizationand providing the most suitable remediation working directly withthe product teams as a trusted advisor
• Conductvulnerability monitoring (ondemand) vulnerability scanning andother security testingactivities
• Provideexpertise to product teams and Affiliates to answer inquiriespresales requests contract negotiations and othercybersecurityrelated customersupport
• Contributeto initiatives within the Diagnostic Division to achieve theintegration of defense capabilities into the development of newproducts and in the update / upgrade maintenance and support ofexisting products in collaboration with Product Supportteams.
• Developand automate technical workflows for investigations and assessmentsfor cyber security vulnerabilities and drive onboarding of newproducts in Vulnerability Monitoring and provide training torelevant stakeholders in the organization regarding VulnerabilityHandling and IncidentResponse.
• Developmaintain and continuously optimize processes playbooks and toolsfor Vulnerability Monitoring Vulnerability Management IncidentResponse Threat Intelligence and SecurityTesting.
• Evangelizesecurity and privacy developing Security Champions acrossdepartments involved in the product development andoperations
• Maintainthe product security controls and awareness supporting other PSPOChapters (Solution Architecture Product Support andCompliance / Privacy).

Education / Skills :

• BA / BSin Business Information Systems Computer Science or a relatedrelevant area of study is aplus
• Minimum3 years of related work experience in SDLC & cloudops
• Demonstratedsoft skills : problem solving leadership communication teamworkflexibility andadaptability.
• Demonstratedexperience in Cloud computing technologies full stack deploymentsetc.
• Demonstratedexperience in K8S AWS or GCP Docker and other cloud nativetools
• Demonstratedexperience in Jenkins / ArgoCD / Tekton or another common CI / CD toolchain
• Demonstratedskills in Sigstore SBOM SLSA and secure software supply chainmanagement.
• Abilityto develop Terraform K8S manifests or other forms of infrastructureascode
• Abilityto codify Rego or Cedarpolicies
• Demonstratedexperience in SAST & DAST tools (Checkmarx Snyk MayhemBurpSuite ZAPetc)
• Demonstratedexperience automating security controls (eg shell scriptingpython)
• Indepthexperience in managing information security and privacy risks andthreatmodeling.
• Indepthexperience in vulnerability handling pre and postmarketlaunch
• Indepthexperience in system and cloud infrastructurehardening
• Strongunderstanding of industry standards : ISO 27000 family andHITRUST
• Certificationsare a plus : SANS GIAC (GCIH GPEN GCIA GCFA and others) CEH CISSPCISA CISM LA ISO27001.

CompanyBenefits : Medical Dental Vision Paid Sick leave401K

Ifinterested please send us your updated resume at /

devsecops, security as code, policy as code