U.S. Bank

Senior DevSecOps Controls Manager

U.S. Bank

full-time

Posted on:

Origin:  • 🇺🇸 United States • Colorado, Illinois, North Carolina

Visit company website
AI Apply
Manual Apply

Salary

💰 $124,355 - $146,300 per year

Job Level

Senior

Tech Stack

AnsibleAWSAzureChefCloudCyber SecurityDockerJavaJenkinsKubernetesPuppetPythonRubyTerraform

About the role

  • Own creation, maintenance and rollout of processes and tools to automate and audit DevSecOps controls and contractual cybersecurity/privacy agreements
  • Maintain data inventory tracking of “high value client” data repositories
  • Maintain inventory of privileged accounts with access to “high value client” data
  • Coordinate and document data sharing approvals with “high value client” relationship owners
  • Oversee and consult on security impacts associated with product and system changes
  • Participate as SME in collaborative cybersecurity incident management for products and systems processing/storing “high value client” data, including review of cybersecurity logging dashboards and reports
  • Participate as SME and review control validation in reciprocal third-party security assessments, including annual PCI assessments with “high value clients”
  • Design processes and tools to facilitate automation and auditability of controls, including PCI compliance and assessments

Requirements

  • Bachelor's degree, or equivalent work experience
  • Seven or more years of experience with the processes, tools and techniques for assessing and controlling an organization's exposure to risk
  • Four or more years of experience with a total Information Technology (IT) environment
  • Secure Coding Practices: Understanding secure coding principles and common vulnerabilities
  • Cloud Security: Knowledge of cloud platforms (AWS, Azure) and their security features
  • Containerization and Orchestration: Proficiency with Docker and Kubernetes
  • Security Frameworks: Familiarity with frameworks like OWASP and NIST
  • Vulnerability Management: Ability to identify, assess, and mitigate vulnerabilities
  • Threat Modeling: Understanding how to identify potential threats and develop mitigation strategies
  • Security Testing: Experience with tools like OWASP ZAP, Burp Suite, and vulnerability scanners
  • DevOps Expertise: CI/CD experience with tools like Jenkins or GitLab
  • Infrastructure as Code (IaC): Knowledge of Terraform or CloudFormation
  • Configuration Management: Familiarity with Ansible, Puppet, or Chef
  • Scripting and Programming: Proficiency in Python, Java, or Ruby
  • Automation: Experience automating security checks and security automation tools
  • Communication: Ability to communicate security risks to technical and non-technical audiences
  • Collaboration: Work effectively with development, operations, and security teams
  • Problem-Solving, Analytical Skills, Critical Thinking, Continuous Learning
  • PCI DSS experience
  • Incident Response experience
  • Risk Assessment and Compliance Knowledge