Lead DevSecOps Engineer

Reston, VA

The College Board

Posted 1 week ago

The College Board, the national educational organization, is conducting a search for a Lead DevSecOps Engineer for our Technology department. This position is based in our Reston, Virginia office.

About the College Board

We are a mission-focused, not-for-profit membership organization that believes in promoting innovation, equity, and excellence for generations of students. Our members include more than 6,000 of the world’s leading colleges, schools, and other educational organizations. We have over 1,900 employees in 13 offices across the U.S. and Puerto Rico.

We are advocates for children and parents; we empower teachers and educators, and we are a strong presence in thousands of schools and communities across the country through programs and services - the SAT, Advanced Placement (AP®) and Pre-AP are just a few. Our work falls broadly into four categories: College Readiness, College Connection & Success, Student Opportunities, and Advocacy.

About the Role

The College Board (CB) is rapidly transforming itself into an agile organization, embracing DevOps and cloud-native systems, and focused on improving the speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking a Lead DevSecOps Engineer in the Information Security Office (ISO) to be a senior member of the team, responsible for leading, guiding and mentoring a team of engineers in the design and development of security solutions in our DevOps and cloud transformation initiatives. The Lead DevSecOps Engineer is a highly technical and creative contributor to a DevSecOps team enabling the agile development of secure and reliable cloud-based solutions.

Responsibilities of the role

  • Provide leadership and guidance in the design, development and implementation of automated security solutions that enable College Board developers to easily consume security and compliance services:
    • Help develop the strategic and tactical outcomes for DevSecOps and ISO.
    • Support and coordinate with Architects, Engineers, and DevOps teams in implementing a comprehensive cloud and application security program in a DevOps culture.
    • Deploy open-source and COTS products across the continuous delivery pipeline to enable a comprehensive automated system integrated with the full CB application lifecycle in AWS and on-prem.
    • Drive the development of enterprise standards by creating architectural Infrastructure as Code (IaC) Blueprints.
  • Provide team leadership in the guidance and mentorship of the DevSecOps Engineering team:
    • Act as a role model for the team. Lead by doing.
    • Coach and mentor teammates' work activities on a regular basis.
    • Actively review the team’s work product and incrementally drive continuous improvement of the team’s efficiency and quality.
  • Write complex code, build infrastructure as code, work with cloud environments, and build the automated capabilities to support a secure continuous delivery pipeline.
  • Leverage DevOps capabilities to build, harden, maintain and instrument a comprehensive security orchestration platform to be consumed in product CI/CD pipelines.
  • Foster and build a community of practice for collective learning of the security capabilities, practices and systems across all disciplines.
  • Develop automated security and compliance capabilities in support of DevOps processes in a large-scale AWS cloud computing environment.
  • Provide security briefings or updates to ISO and IT leadership
  • Provide presentations and run security workshops to different enterprise teams about DevSecOps capabilities or security practices

Qualifications needed for the role

  • A bachelor’s degree in Computer Science, Engineering or MIS preferred.
  • 8+ years’ experience with extensive exposure to numerous aspects of software development, operations, CI/CD and security. 
  • A minimum of 2 years’ experience in DevOps automation and tooling with strong knowledge of cloud security architecture, application security, or security engineering.
  • Leadership:
    • Strong experience providing technical leadership to an Agile Scrum team
    • Positive role model with emphasis on collaboration, mentoring, and coaching
    • Effective communication skills with both leadership and technical teams
    • A growth mindset and love of learning new technologies
    • Demonstrated experience with incremental delivery and continuous improvement
    • Demonstrated ability to provide technology training and support
  • Architecture:
    • Solid experience in architecture design in the areas: serverless, microservices, data, and application security
    • Experience in documenting architecture and performing enterprise architecture review
  • Application & Cloud Domain:
    • Solid hands-on experience with Amazon Web Services (AWS) services including IAM, KMS, Lambda, Cognito, CloudWatch, CloudFormation, SNS/SQS, S3, CloudFront, API Gateway
    • Experience with AWS Config, WAF, EventBridge, Step Functions, CodePipeline
    • Experience in establishing secure software development guidelines and in performing security code and design reviews
    • Experience with SAST, DAST, or RASP, and vulnerable third-party libraries
    • Experience with Akamai WAF a plus
  • Development Domain:
    • Hands-on experience with Node, React, JavaScript, and Python
    • Experience building infrastructure as code using AWS CloudFormation, CDK, etc.
    • Experience with automated build, testing and continuous deployment of Cloud based applications
  • Common Domain:
    • Practical Linux based systems administration skills and knowledge of IP Networking
    • Strong decision-making, problem-solving skills, critical thinking and testing skills
    • Strong interpersonal skills, written and verbal communication
    • Ability to work independently with minimal direction
    • Ability to self-manage assigned tasks and projects
    • Exceptional attention to detail

This position will be subject to a background check.

 

Benefits

We offer an outstanding benefits package that includes up to four weeks of paid time off each year, comprehensive health insurance, a generous retirement savings plan, tuition reimbursement, ongoing professional development and training, and more.

Mission

Our mission is to clear a path for all students to own their future.

EEOC statement

College Board is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

 
