Position: Cloud DevOps Architect (AWS preferred)
Location: Remote
Visa: Authorized to Work
Contract: Long term
Rate: Open
BASIC PURPOSE:
We are looking for a highly skilled DevSecOps Architect to join our team. In this role, you will be responsible for designing, implementing, and maintaining secure DevOps pipelines and infrastructure for one of our most innovative brands. While this role will be embedded within this brand, the role will report into the GISCS organization, and the Global Application Security team specifically. You will work closely with the brand's development and operations teams to advance a security culture that empowers the brand to produce features and digital experiences that delight our guests while safeguarding the interests of both our Corporation and our customers.
ESSENTIAL FUNCTIONS:
• Design, implement and maintain secure, reusable DevOps pipelines for brand development teams, that align with global application security standards.
• Develop and maintain infrastructure as code (IaC) templates for cloud environments such as AWS, Azure, and Google Cloud Platform.
• Work with development teams to ensure that security is built into the SDLC and that all code is secure by design.
• Monitor and investigate security incidents and vulnerabilities in the infrastructure and take corrective actions.
• Continuously assess and improve the security posture of the brand and contribute improvements back to the global organization.
• Program, engineer, implement, and administer IT Security technical control and tools to assess vulnerabilities, mis-configurations and incidents.
• Develop and maintain relationships with 3rd party vendors responsible for providing technology services, tools, and consulting.
• Perform security reviews of deployments to ensure they meet relevant policies, standards, and guidelines.
• Partner with different brand IT resources to automate and enhance security logging and integrate with managed SIEM provider.
• Create and distribute security reports to required business and IT units, including vulnerability reports for tracking of remediation.
• Respond to escalations and other priorities as required, may require afterhours engagement as needed.
• Other projects and duties as assigned (e.g., assisting global application security pillar on pattern and capability design and buildout)
POSITION SCOPE:
The scope of this position is specific to a brand that is responsible for significant software development, digital products, and a broad and complex digital ecosystem. Challenges include managing security initiatives across multiple development and operational units, investigating and resolving complex business and IT realities, and ensuring objectives and outcomes are met in a timely manner.
REPORTING RELATIONSHIPS:
The DevSecOPs Architect reports directly to the Sr. Director of Global Application Security.
QUALIFICATIONS:
• 5+ years experience within DevOPs, DevSecOPs roles.
• 5+ years hands on experience with Cloud Service Providers (AWS heavily preferred).
• Extensive experience with DevOps tools such as Git, Jenkins, Ansible, and Terraform
• 2-3 years hands on experience with Infrastructure as Code (Terraform preferred).
• Strong understanding of DevOps and Agile methodologies.
• Hands-on experience using APIs to query RESTful services and integrate third party services.
• Programming using one or more of the following: Java, Java Spring Boot, Python, or C/C++.
• Extensive experience with security automation and scripting with languages like Python, Go, or Bash.
• Hands-on skills and experience with container technologies like Kubernetes, Docker, and Rancher.
• Experience with security automation, security log review and analysis, threat analysis tools.
• Experience with CI/CD - Deployment pipelines, and automated build and configuration tools such as GitLab, Jenkins, Ansible, and Terraform
• DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, security remediation and security monitoring/incident response enablement.
• Background in Linux operating systems.
• Knowledge of cloud security controls involving tenant isolation, encryption at rest, encryption in transit, and secrets management (Hashicorp preferred).
• Proven track record of taking ownership of strategic initiatives and driving results in complex environments.
• Demonstrated ability to manage multiple workstreams simultaneously.
• Ability to work in a fast-paced setting.
• Proven success in contributing to a team-oriented environment.
• Proven ability to work creatively and analytically in a problem-solving environment.
• Excellent communication (written and oral) and interpersonal skills.
PHYSICAL DEMANDS & TRAVEL:
Primary Work Location: Remote
Physical Demands: Work is primarily sedentary where sitting is required most of the time; walking and standing are required occasionally. Visual acuity is required to perform activities such as: preparing and analyzing data, viewing a computer terminal, reading documents, reports and emails.
Travel Requirements: 40% to 50% travel anticipated, and opportunities may present themselves, including working aboard our cruise ships while in port or underway. Therefore, having a valid passport and work authorization for the United States is a MUST.