DevSecOps & Secure-SDLC Engineer

Descrizione del lavoro:

Company:
Marsh Corporate

Description:

We are seeking a talented individual to join our DevSecOps & S-SDLC team at Marsh business. This role will be based in our Cluj - Napoca office. This is a hybrid role that has a requirement of working at least three days a week in the office.

What can you expect?
* Lead initiatives related to DevSecOps and Secure-SDLC
* Enhance the company's Secure Software development Lifecycle (Secure-SDLC) which in turn will reflect the company's Application Development Security Policy,
* Select and standardize application security tools. This includes vendor/tool assessments and full POC,
* Integrate Secure-SDLC requirements and other security policy/requirements into the DevSecOps processes,
* Define and enhance application security requirements and standards which must be designed for agile development methods leveraging traditional application architectures as well as cloud architectures and container workloads.

We will count on you to:
* Advise the application security leadership on best practices and standards around application security tools with main focus on shift-left, create predictable CI/CD pipeline processes, and enable application teams to develop new capabilities securely, and free from security defects, by design
* Assess security tools and related processes currently used within the various Software Development Life Cycle processes to identify improvements opportunities, and rationalize the tools set
* Select new application security tools including vendor/tool assessments and conduct full POC to prove that the security solutions/products are fit-for-purpose and fit-for-use
* Draft documentations for the Secure-SDLC and DevSecOps to illustrate the frameworks and its process guidelines to internal customers ensuring the style is palatable and easy to navigate
* Assess impact of new publications from the security industry (e.g. NIST 800-XXX, ISO 2700X:2022, etc) on the company's AppSec programs
* Research new trends and advise the application security leaderships on impact of the new trends as they relate to currently used tools, tool chain roadmap, efficiency and effectiveness of current processes, etc.
* Promote secure coding standard and all related processes
* Promote the priorities set forth by Global Information Security function, and the roadmap set forth by the Global Application Security
* Automate and integrate security scan and analysis tools into the DevSecOps pipeline

What you need to have:
* 5 years+ DevSecOps and Secure-SDLC work experience
* CISSP, CSSLP, cloud security, DevSecOps automation, or similar is required
* Post-secondary education or equivalent experience as a DevSecOps Engineer
* Develop/enhance and implement the Secure-SDLC framework
* Design, implement, and rollout DevSecOps automations and tool chain
* Implement sensors to collect data on key metrics for statistics and reporting
* Serve as the subject matter expert in Secure-SDLC and DevSecOps
* Advise on the processes and standards that are designed to implement a company's Application Development Security Policy
* Experience in designing Secure-SDLC processes and relevant tooling to support the processes
* Experience in software/application analysis tools like SAST, DAST, SCA, threat modeling, supply-chain etc.
* Technical hands-on experience in automating and integrating security scan and analysis tools into the DevSecOps pipeline.
* Experience in one or more programming languages
* Familiarity with security frameworks (OWASP Top 10, SANS Top 25, CWE)

What makes you stand out:
* Identify application security requirements and brainstorm solutions factoring in industry best practices
* Assess the tooling and remediation of threats and vulnerabilities within our software/applications, and the hosting environment

Why join our team:
* We help you be your best through professional development opportunities, interesting work, and supportive leaders;
* We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have an impact for colleagues, clients, and communities;
* Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being;
* A yearly budget and the opportunity to build your flexible benefits package (up to 20% of your annual salary);
* 30+ days off (25 legal days off, 1 extra day off on your birthday, public holiday replacement days, extra buy/sell from your benefits budget);
* Performance Bonus scheme;
* Matching charity contributions, charity days off, and the Pay it Forward charity challenge;
* Core benefits - Pension, Life and Medical Insurance, Meal Vouchers, Travel Insurance;

Marsh (NYSE: MRSH) is a global leader in risk, reinsurance and capital, people and investments, and management consulting, advising clients in 130 countries. With annual revenue of over $27 billion and more than 95,000 colleagues, Marsh helps build the confidence to thrive through the power of perspective. For more information, visit corporate.marsh.com, or follow us on LinkedIn and X.

Marsh is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one "anchor day" per week on which their full team will be together in person