Job Summary
Becoming an employee, or as we like to call it “a teammate,” of Brown & Brown introduces you to a career with virtually unlimited possibilities. Our unique corporate culture rewards self-starters and hard workers who adhere to our commitment to do what is best for our clients. With Brown & Brown you will get the training, the mentoring and the tools you need to succeed. Our teammates are bound together by shared goals and our collective commitment to integrity and quality. Brown & Brown’s local leaders are actively engaged in their communities and committed to maintaining an established network, as well as creating strong relationships of their own.
Currently we are seeking a talented DevSecOps Engineer to join our Retail Software Engineering team in one of our East Coast or Central time zone locations. As a member of the Software Engineering team, you will work as the liaison between our team and the internal customers to ensure our solutions are secure from the outset. You will also act as the bridge between our development team and our security team, with the prime goal being we design, build and deploy our solutions with security built in at the outset. We throughout the development lifecycle continue to deploy best practice secure coding principles and techniques to ensure we maintain a highly secure solution. Additionally, you will assist in developing an automated security framework utilizing robust deployment tools and processes, leveraging various scripting languages and open-source solutions.
RESPONSIBILITIES:
Review current security processes used in our Software Engineering teams & develop optimization strategies.
Work with the development teams to coordinate and perform vulnerability assessments through the use of automated and manual tools.
Provide consulting & mentoring expertise to our Developers, DevOps, and Software Engineering teams in a dynamic environment to promote and implement the DevSecOps program across our organization.
Ability to review and analyze vulnerability data to identify security risks to the organization’s network, infrastructure, and application’s and determine any reported vulnerabilities that are false positives.
Provide the expertise to prepare security vulnerability and risk management reports for management and other key stakeholders.
Ensure we deploy best practice Azure Configuration and Security Management tools and processes into our Software Engineering teams.
Provide leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes.
Perform other duties as assigned.
Work with our offshore partners and other internal Teammates to ensure successful project deliverables
Required Skills
REQUIRED COMPETENCIES:
Strong problem-solving skills for technology and security-related issues within complex business scenarios.
Must be a hardworking individual who is detail oriented, analytical and extremely inquisitive.
Bachelor’s Degree in Computer Science or related field.
Prior experience (3-5 years) in a Production Engineering or related position.
DevOps Automation: Azure, GitHub or other associated skills
CISM, CISSP or other Security Certifications.
Familiarity with API Security, Azure DevOps Services, Container Security, AWS Cloud Security
Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes
Experience with security automation and machine learning.
Auditing and Compliance Certifications such as CISA, PCI-ISA, and PCIP.
Proficiency in C/C++ Programming and Bash, Python or other scripting languages.
Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
