Sr. DevSecOps Architect Cbre
Dallas, TX

Job Description

The Team

CBRE Global Cyber Security Office - The Global CSO's mission is to mitigate cyber security risk by actively working with the CBRE business, Digital & Technology and other partner organizations (Compliance, Risk Mgmt., Audit, & Legal) to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection / monitoring capabilities globally.

We are working to build a progressive development team with a mindset toward being agile and solving problems iteratively. Being in a senior position at the start of this team, we would want you to help shape the direction of the team moving forward.

You do not have to have experience in all skills listed to be qualified for the position. If you have years' worth of relevant similar experience we still want to talk to you.

Key Responsibilities:

* Installing, configuring, and administrating technologies for the Security Pipeline including SAST, DAST, IAST, SCA, secret scanning, etc...
* Building automation and governance around organization secrets management
* Developing in modern languages such as Ruby, JavaScript, Python, and Go
* Developing with modern frameworks such as Ruby on Rails, and Vue.js
* Collecting metrics from DevSecOps tools and implementing appsec log ingestion at scale using tools such as ELK, Sensu, Influx, or Prometheus
* Collaborate with internal security team members, and development teams across the globe to automate security tooling and processes to reduce the organization's security risk, while allowing teams to stay agile, and focused on their respective areas
* Learning and espousing secure coding practices to developers from all over the world
* Experience with conceptualization and implementation of a Security Champions program
* Have well founded opinions and be willing to express your disagreement when something doesn't pass the 'smell test' for you.

Required Knowledge and Skills:

* 10 yrs. of experience or equivalent skills in writing secure software with modern languages (Ruby and JavaScript strongly preferred).
* 4-5 yrs. of Linux systems administrator experience or equivalent skills.
* 3-5 yrs. of experience or equivalent skills with DevOps or CICD pipelines (Jenkins, Concourse, etc.).
* Strong experience with automating multiple systems.
* Databases such as Postgres, MySQL, and MS SQL Server.
* Source control with Git, and codehosts such as Github, Gitlab, etc.
* Experience or understanding of Infrastructure as Code (Terraform, CloudFormation, etc.), and configuration management tools such as Chef, Ansible, or SaltStack.
* Experience with two or more clouds. At least one of which must be AWS, or Azure.
* Development frameworks in multiple languages such as Django, Angular, React, React Native, etc.
* Containerization with Docker, and related orchestration tools such as Kubernetes, Nomad, etc.
* Security focused mindset, in addition to experience with security-oriented tooling, threat modeling, etc.
* Bachelor's degree (BA/BS) in a related field of work or equivalent work experience.

Desirable Knowledge and Skills:

* Experience with the Microsoft ecosystem is a plus
* Directory services like AD, and LDAP
* Experience with ServiceNow's REST API