IT APPSEC ENGINEER II

Overview

SHRSS (Seminole Hard Rock Support Services) is seeking a highly motivated and skilled DevSecOps Engineer. This role will be responsible for managing our application security scanning toolset, influencing strategy, building, and maintaining integrations with our CI/CD pipelines, and providing security guidance to our engineering community. You will take part in design and code reviews and offer direction to ensure that our organization is proactively managing risk. This individual will actively collaborate with stakeholders from Vulnerability Management, DevOps, Penetration Testing, and remediation to provide SME guidance and support.

Our team is growing, and we are looking for somebody with a mindset to help our programs continue to evolve.

Responsibilities

• Evaluate and analyze threats, vulnerabilities, impact, and risk of security issues
• Support SAST, SCA and DAST scanning technologies
• Liaise with DevOps to build integrations between our scanners and the CI/CD pipelines
• Drive our shift-left strategy
• Provide SME support and remediation guidance to our stakeholders
• Develop and design DevSecOps metrics, policies, processes, and procedures
• Consult on DevSecOps requirements from diverse application/line of business partners

Qualifications

• 3-5 years of experience in an application security
• Experience performing secure code reviews, and web and mobile application security testing
• Experience with secure development, coding, and engineering practices
• Experience with OWASP Top 10 and emerging attack vectors
• Experience with SAST, DAST and SCA tools
• Experience with CDN solutions such as Cloudflare and Akamai.
• Experience with infrastructure as code and infrastructure testing strategies
• Working knowledge of Windows, Unix/Linux, Mac OS X, Android, iOS, etc.
• Software development experience in one or more programming languages (e.g., Java, C#, JavaScript, Python, PowerShell, Bash, Groovy)
• Knowledge of scripting to support the automation and continuous improvement of processes
• Thorough knowledge of networking technologies, OSI network layers, and TCP/IP
• Knowledge of DevSecOps pipeline, Agile methodology, container security, APIs, and microservices
• Excellent communication and collaboration skills
• Preferred:
• Bachelor’s degree or higher in information security, equivalent demonstrated work experience and industry standard certifications
• Prior experience working on a DevSecOps role
• Information security certifications (e.g., OSCP, OSWA, GPEN, GWAPT, eCPPT, eWPT, CEH, CISSP, CSSLP)
• Cloud security experience in one or more of the following (Azure, AWS or GCP)
• Experience with CSPM tools (e.g. Wiz, Orca, Prisma Cloud)
• Experience in the Casino Gaming industry