DevSecOps Engineer
Why We Need You – The Mission & Our Vision
Veryon is a leading software and technology company that exists to enable aviation teams around the world to improve efficiency and safety. Our products maximize uptime for aircraft maintenance teams through our customer-driven innovation and world-class customer service.
Veryon has more than 7,500 customers in 137 countries. We service general and business aviation, military/defense, commercial aviation, and OEM industries. Our core values drive us, in business, internally, and in our everyday lives.
As a DevSecOps Engineer, you will play a pivotal role in defining, maintaining, and implementing Veryon’s security strategy.
You will apply your deep expertise in information security technologies, concepts, and methodologies to combat potential cyber threats and ensure regulatory compliance of Veryon. You will find yourself engineering, implementing and managing security measures to protect Veryon’s engineering infrastructure and applications from vulnerabilities and cyber-attacks.
What You’ll Accomplish - Your Performance Objectives
Objective #1
In Your First 30 Days, you will:
- Complete onboarding process including understanding Veryon’s policies and procedures.
- Engage with stakeholders across the organization and build mechanisms and cadences for collaboration and information sharing.
- Meet with leaders and key roles in Engineering, IT and Security to gain an understanding of the current landscape including people, processes and technology.
- Review all architecture documentation and note down missing information that would be required or relevant to a security program.
Objective #2
In your first 90 days, you will:
- Kick off a new process to regularly identify and prioritize security risks to the organization – threat modeling / risk profiling
- Security Champions pilot program: lead engagements with volunteer engineering peers to build security-first coding practices
- Work with DevOps and SecOps teams to identify and create special policies and procedures for high-risk assets (i.e. assets with larger and/or sensitive datasets)
- Present a review of existing policies in tooling (i.e. CrowdStrike, Palo Alto, Active Directory), suggestions for revisions/updates, and impacts to downstream systems.
- Optimize Security Monitoring Dashboards and alert resolution processes
- Review and suggest improvements to Incident Response Plans
Objective #3
In your first 12 months, you will:
- Deliver next phase of Security Champions program plans.
- Deliver regular reporting on the overall security of the organization derived from various sources such as vulnerability scanning, high risk assets, penetration testing, etc.
- Demonstrate measurable improvement in prioritization and remediation of organizational security risks.
- Identify, prioritize and implement at least two new major security innovations across Veryon infrastructure.
- Contribute to compliance and regulatory audit efforts.
- Enhance engineering cloud security posture via benchmarking and audits, leveraging existing tools and/or implementing required tooling.
- Security process automation (SOAR for example).
Key Job Responsibilities and Experience and Skills We Seek
- Provide subject matter expertise for cloud (AWS/Azure) infrastructure and application security design and implementation.
- Implement security controls and design requirements during the software development process and change management lifecycle.
- Demonstrate exceptional proficiency in identifying systems vulnerabilities and providing actionable remediation suggestions.
- Define best in class authentication and authorization methods and access controls.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Conduct or facilitate threat modelling of services and applications that tie to the risk and data associated with the service or application.
- Design technical solutions to address security weaknesses, and work with relevant stakeholders to implement them.
- Partner with SecOps and Engineering functions to address vulnerabilities with internal and external facing systems.
- Research advanced approaches regarding application security best practices in the field to determine trends that may impact the operations and address services optimization and continuous improvement opportunities.
- Stay on the leading edge of security, vulnerability practices and remain current on new technologies and available vendor packages.
- Provide guidance and expertise to ensure that security measures are effectively integrated into all aspects of the organization's landscape.
- Participate in application and infrastructure projects to provide security-planning advice
Examples of Responsibility:
Security Integration in DevOps:
- Implement security measures at various stages of the DevOps pipeline to identify and mitigate security risks early in the development process.
- Collaborate with development and operations teams to integrate security tools and processes, ensuring that security is a fundamental part of the DevOps workflow
CI/CD Pipeline Security:
- Develop, maintain, and enhance CI/CD pipelines with integrated security tools such as static and dynamic analysis, software composition analysis, and vulnerability scanning
- Automate security testing and enforce security policies within the CI/CD pipelines
Infrastructure as Code (IaC):
- Implement and manage security controls in infrastructure as code (IaC) environments using tools like Terraform, AWS CloudFormation, etc
- Regularly audit IaC scripts for security vulnerabilities and ensure compliance with industry best practices
Security Monitoring and Incident Response:
- Implement security monitoring tools and processes to detect and respond to security incidents in real-time
- Work with the security team to investigate and respond to security breaches, ensuring that any issues are quickly identified and resolved
Collaboration and Communication:
- Work closely with development, operations, and security teams to advocate for and implement security best practices
- Provide guidance and training to teams on secure coding, security automation, and best practices for DevSecOps
Compliance and Governance:
- Ensure that all DevSecOps processes comply with relevant regulations and industry standards (e.g., ISO, GDPR, SOC 2).
- Assist in maintaining security documentation, policies, and procedures related to DevSecOps activities.
Job Requirements:
- Bachelor’s or master’s degree in Computer Science, Information Systems or a related quantitative field.
- 7+ years of relevant working experience or working in a similar role.
- Deep understanding of "security by design" and "privacy by design" concepts, able to articulate secure architectural options to technical and non-technical stakeholders and provide recommendations.
- Experience with continuous integration, continuous delivery, test development, release management and related CI/CD and DevOps tooling (GitLab, Kubernetes, IAM etc.).
- Demonstrable skills in two or more programming/scripting languages.
- Strong planning, strategic thinking, and prioritization skills.
- Proactive and excellent communicator with a team-oriented approach to solve business problems with entrepreneurial mindset to constantly improve the status quo.
- Ability to keep up with state-of-the-art security and cloud computing trends in the market and quickly comprehend how to apply them to Partners Group environments.
How We Work – The Core Values That We Live By
Fueled By Customers:
We work hard so our customers can get more uptime. A customer-centered approach is on the forefront of our minds. We’re big on transparent communication with our customers, and we celebrate their wins internally because we love the positive impact we’re making on their lives.
Win Together:
We focus on the “we” and not the “me”. Collaboration is key, we value diverse backgrounds and skill sets. Our mission is to win as a team, we think everyone plays an integral part in our success.
Make it Happen:
When we make a commitment, we get it done. We take a proactive approach, we commit, we adapt to evolving landscapes and problems, we tackle problems at every difficulty level.
Innovate to Elevate:
We set the standard in aviation by embracing and advancing cutting edge technology. We take a fail-forward approach using everything as a learning experience. We encourage creativity and experimentation within our teams. This helps us set the bar high and provide world class expertise in aviation.