Humana Principal DevSecOps Engineer in Lancaster, South Carolina
The Principal DevOps Engineer enables the automation of software code deployment by eliminating functional silos existing between development and production. The Principal DevOps Engineer provides strategic advice and guidance to functional team(s). Highly skilled with broad, advanced technical experience.
The Principal DevSecOps Engineer promotes flexible collaboration and communication between development, security, compliance, testing, monitoring and production teams. Optimizes the release process by leading teams to identify gaps and eliminate barriers to enable increased frequency of accurate code deployment. Works with senior executives to develop and drive segment or enterprise-wide functional strategies. Advises one or more areas, programs or functions and provides recommendations to senior executives on matters of significance, and as an advanced subject matter expert competent to work at very high levels in multiple knowledge and functional areas across the enterprise.
In this role you will be on a team of security engineers performing triage and analysis, hunting bugs, driving DevSecOps adoption and cultural transformation, and building pipelines and the ecosystem to support them, while leading alignment and strategy across teams.
Provide DevSecOps thought leadership and mentoring in both advisory and delivery contexts, enabling our engineering teams to deliver quickly, securely and with quality.
Defines a portfolio of change and roadmap. Engages and influences IT and business leaders to ensure the strategy enables key engineering objectives.
Responsible for the program roadmap and a key contributor to the execution and growth of Humana's DevSecOps strategy.
Responsible for creating and executing a repeatable delivery process as it relates to quality and security, building a coalition of transformation and evangelizing DevSecOps.
You will report directly to the Director of DevSecOps and work closely with Quality and Security functions while collaborating across business segments and engineering teams to increase quality and secure delivery.
You succeed in this role if you:
You are a passionate, hands-on change agent who believes teamwork and communication are critical to high-performing team execution.
You enjoy working with the latest open source and enterprise tools and building automated, integrated systems and can demonstrate a proven track record with adopting new tools and ways of working.
You get GitOps, the cloud doesn't scare you, and everything has a PR.
You believe cultural and behavior changes are critical for improving teams of all sizes.
You believe in continuous improvement through small, rapid, iterative change.
You are on a constant quest for learning and apply it to tools, technologies and processes.
You are a smart, enthusiastic, creative leader who can look beyond today's problems to find tomorrow's solutions AND can communicate your vision at a variety of levels.
You can discuss high level strategy with senior leaders or technical nuances of problems with front line engineers and architects.
You love developers, engineers and infrastructure you can build and break to make it better.
You love open source, community and collaboration.
10 plus years of IT experience.
3 plus years of experience with Application Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static). Experience with Checkmarx, AppScan, Burp Suite, Contrast, Veracode, NowSecure, Black Duck, WhiteSource, Fortify or similar tooling.
Strong application security experience across a variety of technologies and languages.
Deep experience in static code analysis and third-party software composition analysis.
Strong skills in app dev or infrastructure as code.
Proven track record leading cloud native transformative change.
Strong leadership and communication skills.
Bachelor's or Master's degree.
Strong experience with bug bounties and security research; you go beyond the average pen tester, developer or security analyst.
Cloud experience or experience with Docker or similar container platforms.
Working knowledge of Linux and Windows operating systems.
Familiarity with disassemblers, network protocols and cryptographic algorithms.
You understand design, delivery, and ownership along with modern SDLC practices.
Knowledge of common information security management frameworks, including but not limited to:
ISO 27001/27002, ITIL, COBIT, NIST, BSIMM.
Professional security certification, such as OSCP, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is a plus but not required.