Engineer DevSecOps

Who are we?

Vertiv, a $ global organization with nearly 20,000 employees, designs, builds and services critical infrastructure that enables vital applications for data centers, communication networks, and commercial and industrial facilities. We support today’s growing mobile and cloud computing markets with a portfolio of power, thermal and infrastructure management solutions.

Spark role essence:

The Application and Product Security Engineer (DevSecOps) is responsible for designing, building, testing, implementing, and maintaining a DevSecOps infrastructure within a dynamic global organization. The DevSecOps Engineer is expected to have a thorough understanding of various development environments and their respective toolchains. The center of our development processes and technology is built around GitLab. The environment and toolchain experience should span from basic DSP code development to complex cloud service deployments. It is very important to be able to keep current with the latest tools and methods supporting the industries the development teams are involved in. 

The ideal candidate will have extensive hands on experience not only in building out development environments from scratch but migrating from one environment to another. 

This position will be a technical contact and liaison between the Product Security team and various development teams. The primary role will be to ensure that the global DevSecOps architecture is being followed by the engineering teams. The position will involve daily support to the engineering teams to make sure they are able to comply to our secure development process. In addition, this position will facilitate communication of DevSecOps maturity to Vertiv leadership. It is important to be able to communicate to management clearly and concisely.

This position is the first technical escalation for triaging impact for newly announced CVE’s as well as reported vulnerabilities. The engineer must have the technical capability to investigate various application and component S/W implementations to discern potential impact and applicability to possible exploits.

What you will be doing?

• Act as DevSecOps design authority for projects within the Vertiv portfolio. Engage from the idealization through the development lifecycle in project execution
• Support the implementation of secure development best practices to assigned product and services development teams while achieving the company objectives 
• Drive alignment and governance across the assigned development teams
• Understand, advocate, and support the enterprise's product strategy along with assisting in the development and implementation/realization of the various product roadmaps with respect to DevSecOps
• Reviewing current system performance, efficiency, and security measures and recommending and implementing enhancements
• Analyze the current portfolio to detect critical deficiencies and recommend solutions for improvement
• Ability to work in global organization with onshore as well as offshore resources
• Serve as an escalation point for security issues from development engineering teams
• Cultivate a culture of security awareness and arranging continuing education of personnel to ensure security policies are always adhered to 
• Support a standard QA process with the product development teams
• Support our product certification process
• Support standard security testing labs
• Support automated security testing

What Would Be the Perfect Qualifications?

• A Bachelor’s Degree in Information Technology, Computer Science or related field is highly desirable. 
• Five (5) years’ experience in development and deployment capacity for S/W or embedded firmware, with a focus on integrating development process and enhancing performance and reliability
• Meaningful experience with GitLab
• Technical contributor of source code in a development team to create a product or service
• Solid understanding of development tools, processes, and best practices for a wide array of products. Embedded firmware to complex cloud deployments
• Strong knowledge of security protocols, cryptography, authentication, authorization and best practice architecture
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
• Ability to interact with a broad cross-section of personnel to articulate and enforce best development process security measures
• Excellent written and verbal communication skills as well as business acumen
• Strong ability to establish good working relationships to influence change and achieve results within dynamic environment
• Meaningful technical contributions into the development lifecycle of a product or service

What kind of work will you be doing?

• Lengthy experience utilizing git, svn, cvs, and other SCM solutions
• Deployment and usage of Docker and Kubernetes technologies
• Certifications/accreditations relating to development processes and methodologies preferred
• Creating detailed technical reports and proof of concept code to document configurations
• Development experience in embedded systems and/or web-based applications
• Conducting research for the purposes of understanding new tools and methodologies to support a continuously evolving DevSecOps environment
• Linux kernel build configuration and integration experience
• Linux network device driver/data-path performance experience
• Knowledge and experience in Layer 2, Layer 3 networking, QoS
• Operating system configuration of Windows, Linux, Android and iOS
• Device boot process including boot loaders
• Experience in programming in assembly, C, and C++, Java, .NET, Python, and Go