Devsecops Engineer

Job Function: Goatpath Why SoftwareONE?:
**_ About Goatpath_**

Goatpath is SoftwareONE’s software team that builds platforms and products to automate and govern customers’ software and cloud investments through intuitive products they love to use. We are humble, nimble, focused, always ready to do what’s right, not afraid to take the toughest and unmarked path - this is what Goatpath stands for. Within Goatpath there are currently four product groups: Marketplace, Cloud, Digital and Insights. The Marketplace team aims to be at the top of software, while Cloud seeks to build the most simple and intelligent cloud management platform. Insights will allow customers to benchmark their maturity in the space of spend and technology, while Digital will revolutionize how customers will interact with SoftwareONE. All products are built on a shared platform

As part of our team, you will be supporting teams and projects by delivering product security and technical support to help our DevOps and engineering team to improve their security posture and respond to the dynamic nature of cyber security threats. You will provide cloud security domain expertise and utilise your business insight to work closely with our teams to advise, design, build and deploy pragmatic security solutions that will provide real and tangible benefits to protect our organisations.

The role:

- Securing our Software Development Life-Cycle supporting technologies by participating in and improving security-related phases of the cycle.
- Continually research, communicate, promote and implement improvements in automation and security technologies and practices, deployments and monitoring throughout the organization.

What we need to see from you:

- Experience with cloud environment and security systems preferably (Azure and AWS) with knowledge of secure software development life cycle (SSDLC), CI/CD pipeline, with securing containerized environments (Docker, Kubernetes), DevSecOps and SSDLC process automation is desired
- Prior experience in writing the code using one or more languages: Java,.Net, Groovy, Python and PowerShell is desired with implementing security measures as Infrastructure as Code (Terraform)
- Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
- Familiar with laws, regulations, and industry standards such as PCI DSS, GDPR, SHREMS II, CCPA, GLBA, NIST SP800-53 and Cybersecurity Framework, and International Organization for Standardization (ISO) series 27001/2, 27005, 31000
- Hold certifications in one or more of the following:

- CCSP or CISSP or OSCP, CompTIA Security+, Microsoft Azure Certifications AZ-103, AZ-300, AZ-301, AZ-500, AZ-900

Being part of SoftwareONE means we live and breathe our company’s core values, most of all “Customer Focus” and “Speed”. But being part of the Goatpath team is a little more than that. Every single day we ask ourselves and our team members to:

- Be curious, try things out If you fail, that’s ok - we don’t blame
- Embrace change and start with “why not?” instead of “why?”
- Prioritize good over perfect - don’t withhold customers from functionality
- Leave the ego and office politics at the door
- Take ownership
- .. and have fun

LI-NP4