This job was posted by https://illinoisjoblink.illinois.gov: For more
information, please see:
https://illinoisjoblink.illinois.gov/jobs/11902769
Department
BSD CTD - DevSecOps
About the Department
The Center for Translational Data Science (CTDS) at the University of
Chicago is a research center whose mission is to develop the discipline
of translational data science and apply it to impactful problems in biology,
medicine, healthcare, and the environment. We envision a world in which
researchers have ready access to the data needed and the tools required
to make data-driven discoveries that increase our scientific knowledge
and improve the quality of life. We architect ecosystems of large-scale
commons of research data, computing resources, applications, tools, and
services for the broader research community to use data at scale to
pursue scientific inquiry and accelerate discovery. Learn more at
https://gdc.cancer.gov/, https://gen3.org/, https://stats.gen3.org/, and
https://ctds.uchicago.edu/.
Job Summary
As a DevSecOps Engineer on our team, you'll use your development
experience to streamline our secure software development life cycle,
security automation and orchestration, and incident response from
requirements to monitoring in production. You'll incorporate open-source
tools, automation, and cloud resources to cut down on tedious,
monotonous tasks and free up the teams to do what they do best:
innovate.
This at-will position is wholly or partially funded by contractual grant
funding which is renewed under provisions set by the grantor of the
contract. Employment will be contingent upon the continued receipt of
these grant funds and satisfactory job performance.
Responsibilities
- Evaluate and analyze threat, vulnerability, impact, and risk of
security issues discovered from various DevSecOps tools such as
Static Application Security Testing (SAST), Software Composition
Analysis (SCA), Interactive Application Security Testing (IAST),
Dynamic Application Security Testing (DAST) and Container Security
platform.
- Advise and collaborate with DevOps teams, developers, application,
and project teams on the security issues, including explanation of
the technical details and how they can remediate the vulnerabilities
in their applications.
- Develop and design DevSecOps metrics, policies, processes, and
procedures.
- Provide training to developers and other stakeholders on the usage
of the tools.
- Assist with implementing and designing automated security checks and
additional security tools within the CI/CD pipelines.
- Conduct POCs and work with vendors for DevSecOps tools to achieve
security automation and efficiency.
- Effectively communicate and manage expectations of various
stakeholders.
- Keep abreast of the latest industry trends in security and DevSecOps
processes and make continuous recommendations for improvement.
- Assist in maintaining FedRAMP Moderate and FISMA Moderate
compliance.
- Investigates, analyzes and resolves day-to-day technical problems
using standard procedures.
- Works with stakeholders to gather and analyze requirements for
developmental programs. Receives a moderate level of guidance to
design applications to meet University and business requirements.
- Performs code testing on components and works to ensure that
appropriate implementation standards are met. Evaluates design
alternatives for development cost and solutions using various
methods.
- Supports and maintains existing applications. Works with developers
and responds to requests from users.
- Performs other related work as needed.
Minimum Qualifications
Education:
Minimum requirements include a college or university degree in related
field.
---
Work Experience:
Minimum requirements include knowledge and skills developed through 5-7
years of work experience in a related job discipline.
---
Certifications:
---
Preferred Qualifications
Education:
- A recognized university degree in Computer Science,
Computer/Electrical Engineering, Information Technology or
equivalent.
Experience:
- 2+ years of experience developing infrastructure, system
configuration and/or deployment automation, for one or more cloud
platforms including OpenStack, AWS, GCP, and Azure.
- Sound technical background of working with SAST, SCA, DAST, IAST and
other vulnerability scanning tools.
- Prior experience in performing secure code reviews and web application
penetration tests.
- Solid understanding of full DevSecOps pipeline, Agile methodology,
container security, APIs and microservices.
- Capable of working with various CI/CD tools.
- Analytical thinker with excellent communication skills.
- Familiarity with NIST 800-53, FedRAMP, FISMA, HIPAA and other
regulatory/industry requirements.
- Experience with Palo XSOAR.
Licenses and Certifications: