Application Security (DevSecOps) Developer

at Vastika Inc.
Published September 3, 2022
Location Independence, KS
Category Default
Job Type Full-time

Description

Notes:

Michaels – 6 Openings. Contract-to-hire.
1 evangelist and 2 or 3 in each of the other areas.

How to screen:

For Cloud experience:

Cloud screening – tell me about experience with cloud storage. This question can differentiate between working on a machine in the cloud (like any other VM) and actually configuring something to work on the cloud.

How would you secure/control access for S3 storage in the cloud? – answer is IAM policies, ACLs and bucket policies.

For App Security expertise:

Looking for people that have used SAST or DAST tools.

https://www.geeksforgeeks.org/difference-between-sast-and-dast/

OWASP Top 10 questions – SQL injection, cross-site scripting.

For AppDev background:

Java (Spring Boot) and microservices are preferred.

They use JavaScript as well (Angular and React).

Python is a common language and that is good too.

These are the types of people he has had success with:

Look for DevSecOps people.

Also, Devs that moved into Security.

3 prime areas

  1. Cloud (Google Cloud Platform)
  2. Application Security (Dev background and able to code, script and architect a large-scale system) – open to candidates looking to get into security
  3. Secure Coding Evangelist

They like certs for security

  • CISSP
  • CISM
  • Ethical Hacker

For AppSec – no fear of coding and strong with automation. Previous cloud experience is highly preferred.

Cloud – prefers Google Cloud Platform, but any cloud experience is good.

For scripting – open on languages but some experience with Java is highly preferred.

The Principal Security Architect will work closely with development and DevOps team members to build the secure SDLC/DevSecOps practices, defining and implementing the software/cloud security process, automation, and training. In addition, he/she must be effective in championing security initiatives throughout the company and in mentoring less experienced developers and DevOps engineers on security.

How will you do it?

% of Time Major Activities

20% • Define/implement security processes/standards, for example Michaels Secure Coding Standard

30% • Coordinate and drive security projects. Manage Security Champion programs globally. Develop and conduct Security Training for all Michaels CIO employees

50% • Define security tooling architecture and develop hands-on Security Automation that integrates with various DevOps/DevSecOps tools.

Ongoing • Other duties as assigned

Category: Minimum Knowledge/Skills/Abilities

Minimum Education- BS Computer Science or closely related fields

Minimum Special Certifications or Technical Skills- Security-related industry certification

Minimum Type of Experience the Job Requires

  • 10+ years overall in large-scale enterprise software development
  • 5+ of the 10+ years in application and/or cloud security
  • Led enterprise scale software development projects

Other- Extensive knowledge of incorporating secure coding into application development and DevOps practices

  • Prior experience with managing application security training programs
  • Prior experience with metrics and dashboards for executive reviews as well as driving day-to-day operations
  • Experience with operations and security with Google Cloud Platform or AWS, Containers, and Serverless technologies
  • Established experience with Agile (including Scrum and Kanban) and software development lifecycle (SDLC) practices.
  • Experience with web development languages (Java, Python, JavaScript, etc.)
  • Ability to communicate effectively, both verbally and in writing

Category: Preferred Knowledge/Skills/Abilities

Preferred Education- MS Computer Science or closely related fields

Preferred Special Certifications or Technical Skills- CISSP certification preferred, Cloud Solution Architect certification preferred

Preferred Type of Experience the Job Requires

  • Prior experience managing Security Champion programs a strong plus
  • Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
  • Skillful in single sign-on (SSO), OAuth 2.0, OpenID Connect and SAML.
  • Ability to effectively communicate business risk from cybersecurity topics.
  • Active involvement with practices emerging from OWASP, NIST and SANS, among others.

Thanks & Regards

Prashant Awasthi

Vastika Inc.

1200 West Walnut Hill Lane, Suite# 2200

Irving, TX 75038

Cell

Phone EXT 129
