Senior DevSecOps Engineer (remote), Experian Consumer Services
Costa Mesa, CA, United States
Applications have closed
Experian
Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.Company Description
Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. We are thrilled to share that FORTUNE has named Experian one of the 100 Best Companies to work for. In addition, for the last five years we’ve been named in the 100 “World’s Most Innovative Companies” by Forbes Magazine.
Job Description
What could be more exciting – personally and professionally – than being part of a “disruptive” business? Consider taking your career to the next level by joining the Leader that continues to disrupt the competition. As the “disruptor” and market leader we pride ourselves on building new markets and leading the pack through continuous evolution and innovation. It’s a position Experian Consumer Services has enjoyed for more than a decade and we’re always looking for the talent that can help expand that lead.
When you’re the leader, it’s always urgent, important, and market-changing. We think that defines the true “disruptive” business. Join us and create some chaos for the competition.
The Senior DevSecOps Engineer is a hands-on technical position responsible for operating a diverse set of cloud security controls and monitoring processes. This role will work directly with security architecture teams to improve security posture and automation capabilities:
- Continuously improve the security of our e-commerce products
- Comply with a range of security and regulatory requirements (internal and external)
- Respond to audit requests and requirements
- Manage cloud security tools such as WAF, IDS/IPS, Anti-Virus, Integrity monitoring, vulnerability scanning, and cloud security/compliance monitoring frameworks.
- Operate and analyze application and infrastructure logs in order to identify suspicious activity or behavior anomalies.
- Operate and manage network traffic flow, NACLs, transit gateways, Peers, direct connect, and Security groups.
- Assess infrastructure and application vulnerabilities and take remediation actions as appropriate.
- Operate and manage AWS IAM permissions based on defined roles and responsibilities.
- Ensure tight security for an eCommerce platform including data encryption, security groups, environment scanning, etc.
- Partner with Experian Global Security office to ensure policies and standards are being properly applied.
Based on a “developer self-service model”, our cloud-computing “Platform as a Service” product automates:
- AWS resource provisioning and management (based on immutable compute resources)
- Build pipeline supporting Continuous Delivery, and SDLC Security tools, including support for canary and blue-green releases
- Manage Linux-based operating systems and associated vulnerability management processes.
- Micro-service support (service registry, service-to-service authentication, authorization, and auditing)
- Event management and analysis via logging and event data pipelines
- Instrumentation, monitoring, notification, and alerting
- Data pipeline from transaction support (Dynamo) to BI (RedShift)
The current Platform has been implemented primarily as “infrastructure as code”, so experience with Python, or equivalent experience with other scripting or infra-coding tools is essential. The Platform is being managed as a true software product (story backlog, product roadmap, developer involvement in product direction), so Agile Product Oriented Development experience is also important.
Qualifications
Responsibilities
- Collaborate with information security, DevOps, and engineering teams to identify Platform needs and issues with respect to security
- Collaborate with key third-party security partners to ensure that security controls adhere to defined policies and mitigate risks.
- Ability to manage projects as a technical lead to ensure project initiatives are completed on time and in scope.
- Daily operational security controls and monitoring.
- Author Agile stories, estimate story points, assist with sprint planning and retrospectives
- Perform advanced security technical troubleshooting for cloud and e-commerce environments
- Participate in incident response exercises and continue documenting security and incident response procedures.
- Lead projects from start to finish and be the go-to technical person for that initiative.
- Provide technical guidance to junior members of the team.
Education and Experience
- 8+ years of experience in Information Security, and/or Ops or DevOps role, focused on automated solutions supporting security
- Security certifications such as CISSP, CCSP, GIAC Certified Intrusion Analyst (GCIA), and GIAC Certified Incident Handler (GCIH) are a plus
- Fluent in Linux operating systems and systems Engineering
- Fluency in Python or other programming or scripting languages
- Production experience with public cloud (AWS, Google, or Azure – AWS strongly preferred)
- Experience with a variety of open-source technologies and tools in support of cross-team collaboration
- Bachelor of Science or comparable experience
- Experience leading smalls teams or projects strongly desired
Qualifications Required
- Knowledge of the InfoSec/DevOps tools chain focused on the AWS Linux platform
- Experience deploying automation solutions in a public cloud environment such as AWS
- Knowledge of PCI/HIPPA and other security-related standards and requirements
- Experience supporting security audits
- Operationally savvy, experience with monitoring, alerting, and analyzing system metrics to identify problems and understanding system behavior specific to security concerns
- Ability to work in a fast-paced, e-commerce environment
- Strong communication and collaboration skills
- Strong problem-solving skills
- A passion for security and innovation
- Collaboration, drive open communication and reach across functional borders
Benefits and Compensation
Experian offers flexible benefits and compensation packages that allow our employees to make choices that fit their individual lifestyles. Some of the benefits that we provide for full-time employees include the following:
- Medical, Dental, Vision, and Life Insurance
- Minimum 15 days flexible time off, additional sick time, plus 12 paid holidays
- 401K and company matching
- Casual, fun environment
#LI-REMOTE
#LI-NR1
Additional Information
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it ensures that we live what we believe.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion is essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and and it reflects what we believe. See our DEI work in action!
If you live in Colorado, Connecticut or New York City, please contact us at JobPostingInquiry@experian.com for the salary range of this position (include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.
Experian Careers - Creating a better tomorrow together
Find out what its like to work for Experian by clicking here
Tags: Agile Audits Automation AWS Azure CCSP CISSP Cloud Compliance DevOps DevSecOps E-commerce Ecommerce Encryption GCIA GCIH GIAC IAM IDS Incident response IPS Linux Monitoring Python Scripting SDLC Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Equity Flex hours Flex vacation Health care Insurance Medical leave Parental leave Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs