SUMMARY and RESPONSIBILITIES
The devops / devsecops pipeline architect cultivates a deep understanding of the way software is written, built and delivered at scale in modern, agile enterprises, and understands contemporary and emerging trends and technologies in instituting and embedding controls into modern development, build and release operations.
The architect uses process design and process optimization skills to review and propose enhancements, frequently including automation, to technology components and associated processes. The architect is fluent in topics in cyber-security and devops metrics, and engages devops architects to design and implement an effective metrics and reporting program.
The architect proactively engages stakeholders and functions throughout GIS to identify synergies and impacts with devops software practices, including technology permit operations, risk analysis and remediation, as well as monitoring and response functions.
As an agent of change, the architect understands and rallies proponents and adherents of alternative software lifecycles, promotes a nuanced yet comprehensive understanding of the virtues of devops processes, and develops a strategy that optimizes enterprise security posture using available resources.
- Design and supervise the integration of application security validation and control technology into software development, build, test and release platforms
- Engage scrum masters, developers, and associated devops stakeholders to articulate security processes and objectives, and facilitate execution toward security objectives
- Subject matter expertise in application security of one or more major enterprise application platforms used by Bank of America, incl. but not limited to Java / J2EE, .Net, Mobile (iOS and / or Android), Big Data, Python, Mainframe
- Apply and interpret application security objectives in context of designated platforms
- Identify, champion, and supervise the implementation of defensive controls, methods and processes within Bank applications
- Contribute to an enterprise library of application security components and systems through vendor selection, evaluation, and original contributions
- Proactively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
- Deliver multiple technology projects across multiple teams
- Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
- Manage business partner relationships to deliver a seamless and responsive workflow
- Collaboratively develop technical architectures, processes and procedures pursuant to application security objectives together with business and technical partners
- Deliver training and collaborate with internal and approved external knowledge-sharing bodies
- Develop processes and procedures to advance application security objectives, suitable for adoption throughout the Bank
- Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same
REQUIRED SKILLS AND EXPERIENCE
- 5-10 years of progressive experience in application security and / or software development
- Bachelor's degree or higher in CS, IT, or a related technical or engineering field
- Experience working in the financial sector
- CISSP or similar professional certification, or commensurate experience
- Experience with devops processes such as Agile, Scrum and Kanban, and technologies, such as Jenkins, JIRA, Maven and Artifactory
- Familiarity with contemporary open-source and market offerings around devops and devsecops
- Exposure to application security testing techniques
- Able to read and write software in at least one programming language such as C, C++, .Net, Java, Python
- Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
- Knowledge of at least three application security testing methodologies and approaches, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
- Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
- Ability to write policies, standards and baselines around application security and associated topics