Lead Security Consultant – Blue – DevSecOps
Job Type: Full Time / Permanent
ROLE AND RESPONSIBILITIES: The Lead Security Consultant, DevSecOps discipline reports to the Manager of Technical Services and is part of the Technical Team, working both independently and as part of a team to:
• Partner with clients to develop a trusted relationship.
• Lead and participate in project implementation teams.
• Proactively manage the outcomes of consulting engagements and keep stakeholders updated with progress and issues.
• Establish effective working relationships directly with clients.
• Demonstrate and apply a thorough understanding of complex information systems. Quickly gain a working knowledge of clients' IT/Security environments through conversations and observations.
• Lead the advisory of information security concepts using presentations, reports, examples, and visualizations.
• Advise clients' teams at all levels from the C-Suite to individual contributors regarding technical security controls through mediums such as code, systems implementation, and development operations.
• Create, develop, and mature a catalog of technical services and contribute to the improvement of all services.
• Mentor team members in advanced technical concepts through knowledge transfer and project support opportunities.
• Autonomously contribute to the information security community, primarily focused on the areas where the company operates.
• Support other engagements, such as those being led by the GRC and/or Red Team.
• Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
• Cultivate new and existing client relationships to develop business opportunities.
• Perform other duties as assigned.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
• 8 or more years of experience in Information Security with a focus on protecting companies through building and implementing security programs and engineering systems to be robust and resistant to attack.
• 5 or more years of experience working with and managing all major cloud providers (AWS, Azure, GCP).
• 4 or more years of experience working with git and related CI/CD tooling.
• Extensive experience implementing technical controls supporting common security frameworks and regulations such as ISO 27001/2, SOC2, HIPAA / HITECH, SOX, PCI-DSS, GDPR, NIST 800 series, ITIL, and COBIT.
• Experience working with intrusion detection and prevention, systems monitoring, cryptography, and/or log aggregation and analysis.
• Extensive experience working with emerging development trends, including cloud native architectures, serverless environments, DevOps, and microservices.
• Advanced knowledge of Operating Systems, including Windows, macOS, and Linux.
• Displayed proficiency in a variety of programming languages such as Python, PowerShell, Ruby, C++, or Golang.
• Ability to work as part of Agile development teams to deliver end-to-end automation of deployment, monitoring, and infrastructure management.
• Well versed in the deployment and management of applications in cloud native environments.
• Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
PREFERRED SKILLS
• Ability to conduct an information security and/or product risk assessment focusing on technical controls.
• Ability to assist junior security consultants with complex technical concepts and client facing tasks.
• Strong project management and task management skills, problem solving/critical thinking skills, and verbal and written communication skills.
• CCSP or equivalent training and certification.
• Prior consulting experience, especially with a focus on partnering with companies to improve the robustness of their security program or establish a robust security program from scratch.
• Ability to describe and communicate complex technical security concepts to technical and non-technical audiences.
• Strong written and verbal communication skills, including the ability to present at information security events and conferences, and to curate content such as writing blog posts and written reports.
COMPETENCIES: The employee is expected to be proficient in several organizational, behavioral, and functional competencies, such as sound judgement, cooperation/teamwork, quality of work, reliability, punctuality, quantity of work, support of diversity, communication, customer service, problem solving, attention to detail, innovation, and flexibility.