DevSecOps Engineer

What You Need To Know

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

As a DevSecOps Engineer, you will play a pivotal role in shaping our software development lifecycle by integrating security practices seamlessly into our processes. Your technical expertise and leadership will drive the implementation of robust CICD (Continuous Integration and Continuous Deployment) patterns while adhering to industry standards and policies. You’ll collaborate with cross-functional teams, ensuring that our applications are secure, reliable, and efficiently deployed. Here’s an overview of your responsibilities:

Specialized Skills and Technologies

• Github
• Kubernetes
• Docker
• Terraform
• Helm
• Prisma Cloud / SonarQube
• Any CICD Tool

Primary Responsibilities

• Implement secure, scalable solutions to address infrastructure and security requirements.
• Manage DevSecOps practices, integrating security seamlessly into the SDLC with tools like SAST/DAST solutions and Infrastructure as Code (IaC) scanning (e.g., Prisma Cloud, SonarQube).
• Identify and implement opportunities for pipeline automation and optimization, driving efficiency and speed.
• Embrace Infrastructure as Code (IaC) using tools like Terraform and Kubernetes to automate and manage multi-cloud deployments (e.g.: AWS, Azure).
• Manage containerization tools like Docker and Helm 3 for efficient application packaging and deployment.
• Maintain artifact management solutions for secure storage and distribution (e.g., Artifactory, Nexus.)
• Maintain robust monitoring solutions (e.g., Prometheus, Grafana) to gain deep insights into application and infrastructure health.
• Integrate and leverage a SIEM tool (Splunk or similar) to collect, analyze, and correlate security-related data from various sources for advanced threat detection and incident response.
• Possess understanding of web server configuration and management (e.g., Apache, Nginx) for optimal performance and security.
• Basic foundation experience in Unix/Linux administration, including scripting (Bash), user and permission management, and system troubleshooting.
• Foster a collaborative environment, working closely with development, security, and operations teams to ensure seamless software delivery.
• Stay ahead of the curve by researching and integrating the latest DevSecOps trends and methodologies.
• Share your expertise through internal training and knowledge sharing sessions.
• Develop and maintain clear documentation for DevSecOps processes and tools, ensuring consistency and knowledge transfer.
• Troubleshoot and resolve issues within the CI/CD pipeline and cloud deployments.
• Keep incident tracking tools updated and document discoveries and concerns.
• Champion agile methodologies within the DevSecOps workflow, ensuring continuous integration, delivery, and feedback loops.
• Align with Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL).

Preferred Qualifications

• Possess industry certification(s) in Azure

Minimum Qualifications

• Bachelor’s degree in Computer Science or Information Technology field 
• 3+ years of experience in DevSecOps principles and practices.
• Hands on experience in implementing secure, automated CI/CD pipelines with modern tools (GitOps, GutHub Actions etc.)
• Understanding of Infrastructure as Code (IaC) tools (Terraform, Kubernetes) and multi-cloud environments (AWS, Azure, GCP).
• Understanding knowledge of containerization technologies (Docker, Helm 3).
• Experience with next-generation artifact management solutions (Artifactory, JFrog).
• Experience integrating security best practices and tools (SAST/DAST, IaC scanning) into the SDLC.
• Familiarity with API Security, Container Security, and AWS Cloud Security.
• Knowledge of Prisma Cloud, SIEM, SOC, Nessus, CrowdStrike, or similar services.
• Excellent verbal/written communication, collaboration, and problem-solving skills.
• Ability to thrive in a last-paced, dynamic environment.
• Strong scripting skills (Python, Go, Bash).
• Delivers Results 
• Ability to analyze and solve problems 
• Strong attention to detail 

Agile Delivery Values

• Openness – Team and stakeholders agree to be open about all work and challenges 
• Commitment – Personally commit to achieving the goals of the team 
• Respect – Respect your team members to be capable and independent 
• Courage – You have courage to do the right thing and work on tough problems 
• Focus – Everyone focus on the work in the sprint and the goal of the scrum team.  Rise and fall as a team 

Physical Demands

• Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
• Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
• May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.  Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees.  Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.