This site uses cookies. To find out more, see our Cookies Policy

Sr. DevSecOps Consultant in Brooklyn, NY at Vaco

Date Posted: 2/1/2019

Job Snapshot

Job Description

Vaco is a private-equity backed solutions company that provides consulting, managed services, staffing, and placement services globally. Established in 2002 by "Big 4" consulting veterans, Vaco now has over 40 offices and has worked with over 9,000 clients. We have over 6,000 consultants and been named to Inc. magazine's list of fastest-growing private companies for the past 12 years. Vaco offers boutique services with global reach.

The Vaco Cyber Security team's success relies on the trusted relationships built with our clients. We recognize the challenge organizations encounter improving security, restructuring operations and handling risk while maintaining compliance and keeping costs down. Our information security specialists work closely with organizations to provide the solutions that best match business and security objectives. As a member of the team, you will have the opportunity to utilize and expand your skills through client experience and industry training while collaborating with security professionals across industries. Our team provides the full spectrum of security services to clients including, Strategy & Advisory, Identity & Access Management, Cyber Security Operations, Managed Services, Governance, Risk, and Compliance.

The DeveSecOps consultant for cloud porject supports tactical deployment of application security tools, standards and initiatives that safeguards the confidentiality, integrity and availability of the enterprise infrastructure and information assets across the Digital Center of Excellence. The scope of the position involves implementing and configuring key application security technologies for implementation while taking some direct responsibility for driving results. The Enterprise Application Security Engineer is also responsible for providing application security expertise for maintaining and configuring key application security tools and processes such as our DevSecOps Program including application security integration into the CI/CD pipeline, Static and Dynamic Application Scanning Applications, Web Application Scanning technologies as well as other application security technologies

Essential Duties and Key Responsibilities

  • Participates in improvement activities for the Application Security program through a working relationship with DevOps, application development and QA teams.
  • Implements (new, upgrade, maintenance), monitor and support enterprise application Security Tools.
  • Acts as the subject matter expert for some key application security tools, technologies and processes owned by the security team.
  • Provides management level reporting of all critical intrusion or vulnerability detection tools.
  • Performs change control and device configuration management activities on application security technologies.
  • Participates in the Risk Assessment Program including identifying and scoring application security risk.
  • Provides vulnerability and threat management monitoring and mitigation response for application security by identifying vulnerabilities and attack vectors in applications (SAST & DAST).
  • Provides input into operational planning of application security.
  • Participates in the execution of application security projects and initiatives.
  • Contributes to Enterprise security team effectiveness by accomplishing additional security related results as needed.
  • Contributes to documentation related to the Application Security program including the development of secure coding policies, procedures and standards and modification of the Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.


Experience and Educational Requirements

  • College degree in related technical/business areas or equivalent work experience required
  • 3+ years relevant work experience preferred
  • Security and/or Web application security certifications or training preferred
  • Working knowledge of dynamic web application vulnerability scanning tools and services
  • Working knowledge of static code analysis tools and services
  • Working knowledge of Application development / software development experience, understanding of security protocols and APIs.
  • Strong experience with one or more common programming languages, frameworks, and libraries (VB, Java, .Net, Ruby, C++, Python, Struts, Spring, Groovy, JSON, Node.js, etc.)
  • Working knowledge of vulnerabilities associated with the OWASP Top 10 & SANS Top 20
  • Strong experience in writing scripts in languages such as Python, BASH, or PowerShell for automation
  • Working knowledge of application security testing techniques such as fuzzing, penetration testing and code scanning, ideally with both static (SAST) and dynamic (DAST) tools for client-server, web, mobile, and cloud applications
  • Understanding of secure SDLC principles and how to incorporate them into a SecDevOps program
  • Prior experience coordinating and leading project preferred
  • Understanding of technology, operations and key business processes.
  • Strong change management skills
  • Influencing and negotiation skills
  • Good verbal and written communication skills
  • Good organizational and interpersonal skills
  • Good critical thinking and problem solving skills