Senior Security DevOps Engineer
Who We Are
More than 30 years ago, E*TRADE pioneered the online brokerage industry by executing the first-ever electronic individual investor trade. While the landscape of our industry has changed dramatically, our culture of innovation and drive to make online trading accessible to everyone continues to drive us forward. We believe in challenging the status quo, fostering an environment of curiosity and learning, and, above all, putting our customers first.
About the Role
As a member of the DevSecOps team
- Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
- Implement E*TRADE-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.
- Define the security rules that need to be adhered to at the code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
- With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
- To support the standards, create templates and patterns to increase the efficiency and adoption of the security program.
Qualifications
Basic Requirements
- Bachelor's degree with 6 years of work experience in the IT field
- 1+ years of exposure to the following:
  - OWASP Secure Coding Practices
  - Common software and web application security vulnerabilities
  - Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
  - REST API design & development
- This role can sit in Arlington-VA or Alpharetta-GA
- A degree in Cybersecurity or CISSP/CSSLP certification or a keen desire to move into the security field
- Business acumen to support the implementation of SAST or DAST across the enterprise
- Ability to perform code reviews with minimal assistance
- A self-starter, with a strong desire for learning new technologies and applying them to solve problems
- Experience with two or more of the following application build environments: Jenkins, Gradle, Maven, etc.
- Familiarity with public cloud services a plus (AWS preferably)
- Experience with two or more of the Secure SDLC tools: Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype
- Experience with Threat Analysis.
- Experience with DevSecOps, Secure SDLC.
- DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) are a plus
- Experience with evaluation, integration and onboarding of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning, etc. is a plus
We offer a competitive and comprehensive benefits package. Please visit https://www.etradecareers.com/why-work-at-etrade/employee-benefits/ to learn more about the opportunities.
E*TRADE Financial is an Equal Opportunity Employer who encourages diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, age, disability, citizenship, marital status, sexual orientation, gender identity, military or protected veteran status, or any other characteristic protected by applicable law.