Dev Ops Pipeline Architect
Chicago, IL

Job Description

Job Description:

The devops / devsecops pipeline architect cultivates a deep understanding of the way software is written, build and delivered at scale in modern, agile enterprises, and understand contemporary and emerging trends and technologies in instituting and embedding controls into modern development, build, and release operations.

The architect uses process design and process optimization skills to review and propose enhancements, frequently including automation, to technology components and associated processes. The architect is fluent in topics in cyber-security and devops, and engages devops architects in partnership to design and implement an effective program.

The architect proactively engages stakeholders and functions throughout GIS to proactively identify synergies with and impacts of controls on devops software practices, including technology permit operations, risk analysis and remediation, as well as monitoring and response functions.

As an agent of change the architect understands and rallies proponents and adherents of enterprise-, domain-, and platform-oriented software lifecycles, and promotes a nuanced yet comprehensive understanding of the virtues of devops processes, and develops a strategy that optimizes enterprise security posture using available resources.

Primary Responsibilities

* Design and supervise the integration of application security validation and control technology into software development, build, test and release platforms
* Engage scrum masters, developers, and associated devops stakeholders to articulate security processes and objectives, and facilitate execution toward security objectives
* Subject matter expertise in application security of one or more major enterprise application platforms used by Bank of America, incl. but not limited to Java / J2EE, .Net, Mobile (iOS and / or Android), Big Data, Python, Mainframe
* Apply and interpret application security objectives in context of designated platforms
* Identify, champion, and supervise the implementation of defensive controls, methods and processes within Bank applications
* Contribute to an enterprise library of application security components and systems through vendor selection, evaluation, and original contributions
* Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
* Deliver multiple technology projects across multiple teams
* Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
* Manage business partner relationships to deliver a seamless and responsive workflow
* Collaboratively develop technical architectures, processes and procedures pursuant to application security objectives together with business and technical partners
* Deliver training and collaborate with internal and approved external knowledge-sharing bodies
* Develop processes and procedures to advance application security objectives, suitable for adoption throughout the Bank
* Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same

Required Skills


* Experience with devops processes such as Agile, Scrum and Kanban, and technologies, such as Jenkins, JIRA, Maven and Artifactory
* Familiarity with contemporary open-source and market offerings around devops and devsecops
* Knowledge of relevant standards, including IETF (e.g., HTTP, TLS, and networking), W3 (e.g., HTML, Javascript, DOM) as well as platform-specific standards
* Exposure to application security testing techniques
* Able to read and write software in at least one programming languages such as C, C++, .Net, Java, Python
* Comprehensive understanding of at least one application security life cycle, up to and including operations, maintenance and decommissioning
* Knowledge of at least three application security testing methodologies and approaches, including formal methods, system level security, SAST / DAST, threat modeling, ethical hacking and crowd-sourcing
* Experience with business planning, governance and management of application development or application security functions at a systemically important financial institution
* Ability to write policies, standards and baselines around application security and associated topics
* Required Experience Level:


* 5-10 years of progressive experience in application security and / or software development
* Bachelor's degree or higher in CS, IT, a related technical or engineering field
* Experience working in the financial sector
* CISSP or similar professional certification, or commensurate experience
* Desired Skills:


* Technical writing skills
* Public speaking skills
* Cyber security experience at a systemically important financial institution
* Experience working at a bank, credit union, money services business, or similar
* Experience with online collaboration tools and technologies such as Sharepoint, Slack, HipChat, video conferencing
* Understanding of contemporary networking technologies, e.g., TCP/IP, routing, subnetworking, firewalls, VPN and DMZ
* Knowledge of NIST 800 series, FIPS standards, ISO 27000 series, CSA and related standards

Posting Date: 06/29/2019

Location: Denver, CO, REPUBLIC PLAZA, 370 17TH ST, Chicago, IL, 135 S LA SALLE ST (IL4135), Addison, TX, 16001 N Dallas Pkwy (TX8044), Annandale, VA, ANNANDALE BC, 7400 LITTLE RIVER TPKE, - United States

Travel: No

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift