Sr. DevSecOps Engineer II
Germany
Applications have closed
DoubleVerify
DoubleVerify is driven by a mission – to make the digital advertising ecosystem stronger, safer and more secure.Who we are
DoubleVerify (NYSE: DV) is the leading independent provider of marketing measurement software, data, and analytics that authenticates the quality and effectiveness of digital media for the world's largest brands and media platforms. DV provides media transparency and accountability to deliver the highest level of impression quality for maximum advertising performance. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.
Job Overview:
The Sr. DevSecOps Engineer will be responsible for delivering the global application security program within the CISO/Information Security team.
The Sr. Application Security Engineer will lead and provide updated guidance and hands-on support to DoubleVerify’s development and software/engineering teams on the current secure SDLC and software development security standards.
The individual will also lead the testing of the security controls of DoubleVerify’s applications and implementation of architecture and operational projects to improve DoubleVerify’s hybrid, application security posture.
The Sr. DevSecOps Engineer will be also responsible for integrating security automation into DevOps processes, enhance DoubleVerify’s cloud security posture, and will lead the secure development training program.
Additionally, the position will support the broader information security team (Governance Risk and Compliance, Security Operations, and IT Security).
Responsibilities and Duties:
- Implement Application Security/DevSecOps across DV which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, and production release procedures
- Promote DevSecOps culture and train development and DevOps teams secure development and secure SDLC
- Mastering subject matter expertise for enterprise customers within DV’s web application security program
- Drive adoption of DevSecOps tools and practices including application security testing including automating security (within hybrid technology environment)
- Be engaged in all aspects of DevSecOps implementation and enhance security throughout
- Ability to apply security knowledge and experience in a DevOps development lifecycle
- Development and implementation of cloud security, container security and infrastructure as code security concepts, principles, and best practices
- Enhance DV’s cloud security posture and application attack surface management by advising and assist implementing cloud security with DevOps and CloudOps personnel
- Supporting the creation and curating application security reports and metrics to DV stakeholders
- Deliver secure training to DV’s global software developers/engineers
- Execute, liaise, and report on penetration testing results to DV application and infrastructure stakeholders
- Ability to perform technical integrations with SIEM tools
- Support Information Security department leads including but not limited to Governance Risk and Compliance (GRC), Security Operations (Incident Response, Monitoring etc.), and IT Security (TVM, additional security tools etc.)
- Assist in Merger & Acquisition (M&A) security-related activities
Qualifications:
- 5+ years’ experience in application security including proficiency in AppSec concepts such as those in OWASP top 10, secure SDLC, agile methodologies and transformations etc.
- 3+ years’ experience in one or more security testing tools, including Static Analysis, Software Composition Analysis and/or Dynamic Analysis (e.g. Veracode, Checkmarx, Snyk, NetSparker, Acunetix, Qualys WAS etc.)
- Experience with hands-on development as a software engineer/developer
- Knowledge in CI/CD, securing the pipeline, best practices and tools (i.e. Gitlab/GitOps, TeamCity, Ansible)
- Great understanding of GCP or AWS security and DevSecOps
- Understanding of one or more of the following languages: Python, Scala, Java, .Net, C#, JavaScript, TypeScript, SQL
- Familiarity with infrastructure as code security
- Familiarity with container security
- Experience performing assessments against applications and their underlying infrastructure, configuration, and deployment strategy
- Good leadership, communication (written and oral) and interpersonal skills
- Understanding of data security and experience handling PII
- Bachelor’s Degree or higher in Computer Science or related field (Engineering, Computer Science, Mathematics Information Systems, etc) or equivalent technical experience
- Good to have but not necessary industry recognized certification in security (e.g., CISSP, CISM, CEH, OSCP, OSWA, GWAPT, GPEN, GCSA, GCLD, CCSK, CCSP, etc.)
Tags: Agile Analytics Ansible Application security Automation AWS C CCSP CEH Checkmarx CI/CD CISM CISSP Cloud Compliance Computer Science DevOps DevSecOps GCP Governance GPEN GWAPT Incident response Java JavaScript Mathematics Monitoring OSCP OWASP Pentesting Python Qualys Scala SDLC SIEM SQL Strategy TypeScript Veracode
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Security Operations Engineer jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open EDR-related jobs