200+ applicantsPosted by Agency

Company

Capgemini · 3 hours ago

Lead DevSecOps Engineer Consultant

Phoenix, AZ

Full-time

Remote

Senior Level, Lead/Staff

$90K/yr - $150K/yr

10+ years exp

Maximize your interview chances

ConsultingInformation Technology

H1B Sponsor Likely

Hiring Manager

Amy Beth Andrews

Insider Connection @Capgemini

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Build pipelines to deploy infrastructure and applications to Azure and AWS using GitHub Actions

Leverage Infrastructure as Code to create integrated workflows

Provide release gates that are aligned with source control management approaches

Seamlessly integrate security features throughout the software development life cycle (SDLC)

Identify and mitigate security risks, implementing effective security controls

Develop applications and secure code to protect against risks and data breaches

Collaborate with cross-functional teams to ensure security alignment

Regularly demonstrate the new capabilities available in pipeline to diverse audiences

Seek feedback and direction from stakeholders on how to improve the reusable pipelines

Experience working with GitHub Actions and Terraform, building pipelines to deploy infrastructure and applications to Azure and AWS landing zones

Deep knowledge and understanding of DevOps best practices involving Automation, CI/CD, deployments, approval gates, hooks, and various methods for deploying software applications through multiple environments to target platforms

Experience with software testing tools and frameworks

Extensive experience and proficiency with GIT source code control and different branching strategies such as 'trunk based development'

Ability to direct and manage dev teams on best practices and usage patterns for DevOps CI/CD and automation leading to more secured software application deployments

Well versed in software bill of material and software supply chain analysis and safe practices

Experience creating and administering CI/CD tooling such as GitHub Actions, Azure DevOps, Jenkins

Experience with and deep understanding of difference vulnerability scanning techniques and their relevant tools such as SAST, DAST, SCA, IAST security scanning

Solid understanding of SDLC processes, modern programming stacks and their relevant vulnerabilities, .NET and Java

Operational experience and knowledge in common security scanning tooling and integration into CI/CD pipelines such as Azure DevOps, GitHub, Jenkins. e.g. Wiz.io Veracode, AppScan, CheckMarx, Snyk, Contrast, Sonar, Synopsis

Familiarity with OWASP and NIST standards and best practices for application security

Ability to assess false positives in security scanning tooling and give feedback and guidance to development teams on security scanning results

Experience adding security scanning tooling tasks to pipeline

Ability to perform automation and scanning of applications written or created with .NET and Java development stacks

Participate in design and code reviews, aligning with architectural goals

Ability to showcase and communicate technical solutions to business stakeholders

Experience leading teams a plus

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

CI/CD pipelinesGitHub ActionsTerraformDevOps best practicesGIT source controlSecurity scanning techniquesAzureAWSAutomationSoftware testing toolsSoftware supply chain analysisCI/CD toolingSDLC processes.NETJavaOWASP standardsNIST standardsFalse positives assessmentCode reviewsTechnical communication

Required

10-15 years of experience in Consulting Account Management, Business Development, and Sales within the realm of IT Outsourcing (ITO) deals