Berkley

SecDevOps Security Architect

Location Name DE, Wilmington
ID
2024-10336
Date Posted
2 months ago(4/3/2024 3:48 PM)
Company
Berkley Technology Services LLC
Primary Location
US-DE-Wilmington
Category
Information Technology

Company Details

bts 2022 USE THIS ONE

 

Berkley Technology Services (BTS) is the dynamic technology solution for W. R. Berkley Corporation, a Fortune 500 Commercial Lines Insurance Company. With key locations in Urbandale, IA and Wilmington, DE, BTS provides innovative and customer-focused IT solutions to the majority of WRBC’s 60+ operating units across the globe. BTS’s wide reach ensures that ideas and opinions are considered at every level of the organization to guarantee we find the best solutions possible.  

 

Driven by a commitment to collaboration, BTS acts as consultants to our customers and Operating Units by providing comprehensive solutions that not only address the challenge at hand, but proactively plan for the “What’s Next” in our industry and beyond.  

 

With a culture centered on innovation and entrepreneurial spirit, BTS stands as a community of technology leaders with eyes toward the future -- leaders who truly care about growing not only their team members, but themselves, and take pride in their employees who shine. BTS offers endless ways to get involved and have the chance to grow your career into a wide range of roles you'd never known existed. Come join us as we push forward into the future of industry leading technological solutions.  

 

Berkley Technology Services: Right Team, Right Technology, Simple and Secure.  

Responsibilities

The SecDevOps Security Architect is a pivotal role within the IT Security team, specializing in the integration of security practices within the DevOps lifecycle. This role is dedicated to embedding security into every phase of the software development and deployment process, ensuring that vulnerability management, particularly in application security within CI/CD pipelines, is prioritized. The ideal candidate will champion the SecDevOps culture and practices across the organization, driving the adoption of security as code and automation in security testing.

 

  1. Vulnerability Management: Lead the development and implementation of a comprehensive vulnerability management strategy, focusing on automated scanning, identification, and remediation of vulnerabilities in code and dependencies throughout the CI/CD pipeline.
  2. Application Security: Design and implement application security best practices, including secure coding standards, security testing (SAST/DAST/IAST/RASP), and code review methodologies within the development lifecycle.
  3. DevSecOps Integration: Embed security tools and processes into the CI/CD pipeline, ensuring that automated security testing becomes an integral part of the development process.
  4. Cloud and Infrastructure Security: Architect secure cloud deployments and infrastructure as code (IaC) practices, ensuring that cloud environments and container orchestration systems (e.g., Kubernetes) are configured according to security best practices.
  5. Security Automation: Develop automation scripts and tools to streamline security processes, including automated threat detection and response mechanisms, to support rapid development cycles.
  6. Security Champion Program: Establish and lead a Security Champion program within development teams to foster a culture of security awareness and best practices sharing.
  7. Incident Response and Threat Modeling: Enhance the incident response plan with SecDevOps principles, ensuring rapid detection, response, and recovery. Conduct threat modeling exercises in the early stages of the development lifecycle.
  8. Security Architecture Review: Continuously review and update the security architecture to ensure it aligns with the latest SecDevOps practices, technologies, and threat landscape

Qualifications

  • At least 10 years of experience in information technology, with a minimum of 5 years in an information security role, including significant exposure to application security and DevSecOps practices.
  • Proven experience with integrating security into CI/CD pipelines, vulnerability management tools, and application security testing (SAST/DAST/IAST/RASP).
  • Strong knowledge of cloud security, container security, and infrastructure as code (IaC) security best practices.
  • Proficiency in programming languages and scripting for security automation (e.g., Python, Bash, PowerShell).
  • Familiarity with cybersecurity frameworks (NIST, ISO 27001) and understanding of security risk management, incident response, and security architectures.
  • Exceptional interpersonal and leadership skills, with the ability to influence a culture of security within agile development teams.
  • Ability to work independently or as part of a team to meet project deadlines in a fast-paced environment.
  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience. Advanced degrees or relevant certifications (CISSP, CISM, SANS, DevSecOps, etc.) are highly preferred.

 

Preferred Qualifications:

  • Experience with leading SecDevOps transformation projects in large enterprise environments
  • Knowledge of privacy laws, data protection standards, and governance requirements.
  • Experience with security in microservices and serverless architectures.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply? Connect with us for general consideration.