DevSecOps Analyst

Posted about 18 days ago Apply by July 31, 2024
Hybrid-Remote Des Moines Metro Area
Hybrid-Remote Omaha Metro Area
Hybrid-Remote Waterloo & Cedar Falls, IA
Full-Time

Summary

The DevSecOps Analyst plays a crucial role within the Web Development team, overseeing the maintenance of both internal and external websites for the credit union. The DevSecOps Analyst will seamlessly incorporate security measures throughout the software development and deployment processes, effectively connecting development, operations, and security teams.

Essential Functions

  • Collaborate with Web Development and IT Security to implement effective solutions for identified vulnerabilities, applying industry standard security measures and coding techniques to remediate issues promptly and efficiently. 
  • Create and maintain comprehensive documentation detailing application architecture, dependencies, data flows, security protocols, and best practices. 
  • Serves as the representative for the Web Development department during all audit procedures. 
  • Responsible for defining and implementing the build, deployment, and monitoring standards for the web development applications throughout the credit union. 
  • Be an active participant of the development team to deliver end-to-end automation of deployment, monitoring, and infrastructure management. 
  • Build and configure delivery environments supporting CI/CD tools using an Agile delivery methodology. 
  • Work closely with the development team to create an automated continuous integration (CI) and continuous delivery (CD) system. 
  • Develop, document, and implement CI/CD strategy. 
  • Monitor and support all installed systems and infrastructure from a web development perspective. 
  • Work together with vendors and other IT personnel for problem resolution. 
  • Evaluate application performance, identify potential bottlenecks, develop solutions, and implement them with the help of the web development team. 
  • Maintain and oversee code repositories, code branching, and repository merging. 
  • Ensure developers are following all code and security standards by reviewing commits, making suggestions, and verifying code is up to standards and secure prior to going to production. 
  • Lead and execute change management procedures, ensuring seamless transitions and organizational readiness for evolving processes, technologies, and strategies. 
  • Participate in hands on development to assist the team as needed. 
  • Stay up to date on new security threats and industry trends, allowing the web development team to be proactive in combating fraud and security threats. 
  • Implement yearly security training for all developers on the team. 
  • On call availability required for system support as needed (includes nights and weekends). 

Key Attributes

  • Oral and written communication skills.
  • Member service focus.
  • Attention to detail and accuracy.
  • Positive attitude that supports a team environment.
  • Dependable and punctual; flexible during peak times.
  • High level of confidentiality.
  • Organizational skills.
  • Self-motivated; ability to work without close supervision.
  • Problem solving; analysis.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job:
  • Occasionally lift and/or move items over 10 pounds.
  • Remain sedentary (seated) for extended periods of time.

Working Conditions

This job operates in a professional office environment and routinely uses standard office equipment.

Travel

Limited travel expected.

Required Education And Experience

  • Bachelor's Degree in related field or equivalent combination of education, training, and experience of 8+ years. 
  • 5+ years of Web Development experience, preferably in a team environment. 
  • 5+ years of experience with the following: ASP.NET, C#NET, VB.NET, MVC, MVVM pattern, Razor syntax, HTML5, CSS3, jQuery, JavaScript, Bootstrap, SEO and WCAG principles. 
  • 5+ years of experience with web services and API integrations. 
  • 5+ years of experience with OWASP security principles. 
  • 1+ years of experience with SAST and DAST security testing methodologies. 
  • 3+ years of experience with physical database design and database schemas that represent and support business processes (SQL/MySQL). 

Preferred Education And Experience

  • Experience in managing and defining security in the software development lifecycle (SDLC). 
  • Experience with secure development, coding, and engineering practices. 
  • Experience with fully automating CI/CD pipelines end-to-end, from commits to production. 
  • Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests). 
  • Knowledge of securing web applications and APIs against common vulnerabilities. 

Other Duties

Veridian Credit Union is a PCI compliant financial institution to ensure the security of member information. As such, all employees are expected to ensure security measures are in place and adhered to regarding PCI and other highly secure data compliance requirements.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Apply Now