Vacancy expired!
DevSecOps Engineer Job Description
Senior DevSecOps Engineer CoStar Group, Inc. (NASDAQ - CSGP) ( www.costar.com ) is commercial real estate's leading provider of information and analytic services.Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities.Headquartered in Washington, DC, CoStar maintains offices throughout the U.S. and around the world with a staff of approximately 4,300 worldwide, including the industry's largest professional research organization.OVERVIEW Identify and implement security improvements across private and public clouds utilized in the delivery of CoStar's customer facing products and corporate applications. Implement secure practices, defense in-depth and monitoring and event response tool sets to handle growing threats in the cloud. Work closely with DevOps, DBAs, Systems, and Network engineers to refine and enforce security practices. BASIC QUALIFICATIONS- Bachelors in Computer Science or related field
- Relevant experience areas (deep expertise required in at least 3):
- Engineering cloud security guard rails in AWS, Azure, or Google Cloud Platform.
- Strong understanding of serverless technologies and security implications deployed in public cloud - AWS Lambda, Containers (ECS Fargate, EKS), etc.
- Container and Kubernetes - Securing container images at rest, build, and runtime.
- Experience deploying automated security tooling in CI/CD pipelines.
- Cloud Security Posture Management (CSPM) tools - CloudCheckr, Prisma Cloud, Cloud Conformity, AWS GuardDuty, AWS Config, DivvyCloud, etc.
- Infrastructure as Code (IaC) - Ansible, Terraform, Chef, AWS Cloudformation, SaltStack, Puppet.
- Scripting languages such as PowerShell, Python, GoLang, Ruby, etc.
- Key Management - Privileged account management solutions in the cloud for key management, service account and secrets management, rotation, and event response, including tools such as Secret Server (Thycotic), Vault (HashiCorp), Cloud KMS, or similar tool set.
- Cloud access security broker (CASB) or similar experience securing SaaS offerings such as O365, GoogleApps, and other cloud vendors.
- Optional, but very relevant certifications: AWSCSA, OSCP, SANS/GIAC, CISSP, CISA, CISM, CEH, CCNA, CCNP, MCSE, MCP, MCTS, Security+, MCITP
- Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
- Life, legal, and supplementary insurance
- Commuter and parking benefits
- 401(K) retirement plan with matching contributions
- Employee stock purchase plan
- Paid time off
- Tuition reimbursement
- On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day
- Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks
Vacancy expired!