Randstad Security DevOps Engineer in Philadelphia, Pennsylvania

Security DevOps Engineer

job details:

  • location: Philadelphia, PA

  • salary: $60 - $65 per hour

  • date posted: Tuesday, February 12, 2019

  • job type: Contract

  • industry: Finance and Insurance

  • reference: 670543

job description

job summary:

A large enterprise telecom client is hiring an energetic and experienced Security DevOps Engineer. This key role is part of the Digital Infrastructure Engineering and Operations team. The ideal candidate will work internally with App/Dev/Platform teams and externally with global security teams to ensure that the application and system security posture for the Digital organization is implemented and maintained to world-class security standards. This includes guiding application development and platform teams to build applications using security best practices from the ground up, implementing secure coding practices, and helping mature security both on premises and in the public cloud environments being established in AWS/Azure, so that security considerations are implemented and best practices are met. This is a perfect opportunity for the successful candidate to become part of an innovative, energetic team that believes 'security must not be an afterthought, nor is an impediment to delivery velocity but can be achieved as a balancing act between managing risk and ensuring high quality delivery velocity'.

location: Philadelphia, Pennsylvania

job type: Contract

salary: $60 - 65 per hour

work hours: 9am to 5pm

education: Bachelors


  • Perform security assessment and compliance activities by using assessment tools and procedures for the Digital Home Organization

  • Continue to engage and build relationships with internal app dev teams and global Technology and Product Security teams

  • Facilitate implementation and execution of static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and work with application and internal teams to ensure secure coding practices are implemented

  • Lead and respond to security-related incidents. Provide a thorough post-incident analysis including steps to minimize/remediate and fix the impact

  • Develop strategies to respond to and recover from a security breach

  • Investigate security breaches by conducting a technical and forensic investigation into how the breach happened and the extent of the damage

  • Participate and help facilitate Threat modelling workshops

  • Participate in security architecture review (SAR) / application security assessments to ensure all security design best practices and standards are met

  • Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals

  • 1-2 years' experience in Cloud Security with exposure to AWS / Azure Native Security

  • Familiarity and exposure to Network Security, Operating System Security, Web Security and End Point Security

  • Good understanding of and familiarity with data encryption

  • Assist in evaluation, selection and implementation of encryption solutions and key management systems



  • 10+ years of experience in security- and technology-based industries

  • 5 years of experience working with various security architectures

Industry Recognized Certifications in Security (a plus)

  • Certified Ethical Hacker CEH (preferred)

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Licensed PEN Tester (LPT), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP)


  • Bachelor's Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering

Personal Characteristics:

  • Solid written and verbal communication skills

  • Technology savvy, resourceful and self-motivated

  • Natural passion and curiosity for problem solving

  • Continuous self-learner, through various mediums

  • Consistent exercise of independent judgment and discretion in matters of significance

  • Proven ability to work collaboratively

  • Comfortable working with technical and non-technical teams, business stakeholders, technical and business leadership

  • Analytical, planning, negotiation and facilitation skills

  • Ability to multi-task and manage multiple initiatives without direct supervision

skills:

  • Proficient in the secure software development lifecycle and DevSecOps

  • Deep understanding of OWASP and SANS top vulnerabilities

  • Good understanding of identity, authentication and authorization systems

  • Good understanding of cryptographic trust based systems

  • Cloud security knowledge preferred

  • Data and database security

  • Knowledge of Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAuth and FIDO preferred

  • Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII

  • Coding / Scripting experience required

  • Security expertise in one or more relevant areas

  • Proficient in using some of these tools: SAST/DAST (Coverity, Fortify, IBM AppScan, Veracode, Burp Suite, WebInspect), Wireshark, MobSF pen-testing framework, Needle, Inspeckage, Drozer, etc.; code repositories (GitHub, TFS); configuration management (Ansible, Terraform, AWS CloudFormation)

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.