Lead DevSecOps Engineer
The College Board, the national educational organization, is conducting a search for a Lead DevSecOps Engineer for our IT department. This position is based in our Reston, Virginia office.
Named by Fast Company as one of the most innovative education companies, the College Board is a mission-focused organization. This job requires a strong focus on improving educational opportunities and outcomes, particularly for disadvantaged students, in the context of a competitive business environment.
The College Board (CB) is rapidly transforming itself into an agile organization, embracing DevOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking a Lead DevSecOps Engineer in the Information Security Office (ISO) to be a senior member on the team, responsible for leading, guiding and mentoring a team of engineers in the design and development of security solutions in our DevOps and cloud transformation initiatives. The Lead DevSecOps Engineer is a highly technical and creative contributor to a DevSecOps team enabling the agile development of secure and reliable cloud-based solutions
What you’ll do
- Provide leadership and guidance in the design, development and implementation of automated security solutions that enable College Board developers to easily consume security and compliance services:
- Help develop the strategic and tactical outcomes for DevSecOps and ISO.
- Support and coordinate with Architects, Engineers, and DevOps teams in implementing a comprehensive cloud and application security program in a DevOps culture.
- Deploy opensource and COTs products across the continuous delivery pipeline to enable a comprehensive automated system integrated with the full CB application lifecycle in AWS and on-prem.
- Drive the development of enterprise standards by creating architectural Infrastructure as Code (IaC) Blueprints.
- Provide team leadership in the guidance and mentorship of the DevSecOps Engineering team:
- Act as a role model for the team. Lead by doing.
- Coach and mentor teammate's work activities on a regular basis.
- Actively review team’s work product and incrementally drive continuous improvement of the team’s efficiency and quality.
- Write complex code, build infrastructure as code, work with cloud environments, and build the automated capabilities to support secure continuous delivery pipeline.
- Leverage DevOps capabilities to build, harden, maintain and instrument a comprehensive security orchestration platform to be consumed in product CI/CD pipelines.
- Foster, and build a community of practice for collective learning of the security capabilities, practices and systems across all disciplines.
- Develop automated security and compliance capabilities in support of DevOps processes in a large-scale AWS cloud computing environment.
- Provide security briefings or updates to ISO and IT leadership
- Provide presentations and run security workshops to different enterprise teams about DevSecOps capabilities or security practices
- A bachelor’s degree in Computer Science, Engineering or MIS preferred.
- 8+ years’ experience with extensive exposure to numerous aspects of software development, operations, CI/CD and security.
- A minimum of 2 years’ experience in DevOps automation and tooling with strong knowledge of cloud security architecture, application security, or security engineering.
More about you
- Strong experience providing technical leadership to an Agile Scrum team
- Positive role model with emphasis on collaboration, mentoring, and coaching
- Effective communication skills with both leadership and technical teams
- A growth mindset and love of learning new technologies
- Demonstrated experience with incremental delivery and continuous improvement
- Demonstrated ability to provide technology training and support
- Solid experience in architecture design in the areas: serverless, microservices, data, and application security
- Experience in documenting architecture and performing enterprise architecture review
- Application & Cloud Domain:
- Solid hands-on experience with Amazon Web Services (AWS) services including IAM, KMS, Lambda, Cognito, CloudWatch, CloudFormation, SNS/SQS, S3, CloudFront, API Gateway
- Experience with AWS Config, WAF, EventBridge, Step Functions, Code Pipeline
- Experience in establishing secure software development guidelines and in performing security code and design reviews
- Experience with SAST, DAST, or RASP, vulnerable third-party libraries
- Experience with Akamai WAF a plus
- Development Domain:
- Experience building infrastructure as code using AWS CloudFormation, CDK, etc.
- Experience with automated build, testing and continuous deployment of Cloud based applications
- Common Domain:
- Practical Linux based systems administration skills and knowledge of IP Networking
- Strong decision-making, problem-solving skills, critical thinking and testing skills
- Strong interpersonal skills, written and verbal communication
- Ability to work independently with minimal direction
- Ability to self-manage assigned tasks and projects
Exceptional attention to detail
This position will be subject to a background check.
We offer our employees an outstanding benefits package which includes 4 weeks of paid time off, a generous retirement savings plan, tuition reimbursement and ongoing professional development and training.
Our mission is to clear a path for all students to own their future.
The College Board is committed to diversity in the workplace and is an equal opportunity employer. The College Board participates in E-Verify, a service of DHS and SSA, where required.