Computer Services, Inc. (CSI) needs to integrate security practices into their development and infrastructure workflows to secure their financial services platform, focusing on automation, compliance, and secure operations.
Requirements
- Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI, GitHub Actions).
- Familiarity with Infrastructure as Code (IaC) and configuration management tools such as Terraform and Ansible.
- Working knowledge of network security concepts and technologies, including firewalls, DNS, WAFs, email security, and endpoint detection and response (EDR).
- Exposure to SIEM and SOAR platforms (e.g., Splunk, Microsoft Sentinel, Cortex XSOAR) for threat detection and response.
- Experience supporting compliance initiatives (e.g., PCI DSS, HIPAA, GLBA) or working in a regulated industry.
- Proficiency in scripting or automation languages (e.g., Python, Bash, PowerShell).
- Understanding of cloud platforms such as AWS, Azure, or GCP, including basic security best practices.
Responsibilities
- Works closely with various IT teams, including development, operations, and cloud engineering, to integrate security seamlessly into the Software Development Lifecycle (SDLC) and Infrastructure as Code (IaC) processes.
- Develops and maintains CI/CD pipelines and automation scripts, implements security testing, and configuration management using tools like Ansible, SOAR, and Terraform.
- Ensures compliance with security frameworks and regulations, including PCI DSS, HIPAA, and GLBA by participating in security audits, risk assessments, and implementing necessary controls.
- Develops and reviews technical specifications for IT system procurement, including evaluating vendor submissions from bids, requests for information, and proposals.
- Establishes and maintains real-time security monitoring, alerting, and reporting mechanisms using tools such as Splunk and SIEM solutions to enhance visibility and compliance.
- Leads security training initiatives, educating teams on secure coding practices, threat prevention, and compliance mandates while staying updated on evolving cybersecurity trends and emerging technologies.
Other
- 3+ years of hands-on experience in cybersecurity, DevSecOps, or infrastructure security roles, preferably within the financial services or technology sector.
- Education or formal training in information security or related technology from an accredited university, college, or trade school.
- Advanced certifications are highly recommended (e.g., CISSP, CEH, or equivalent).
- Strong problem-solving skills, attention to detail, and the ability to work independently and manage project timelines.
- Effective communication skills for cross-functional collaboration and documentation.
- We are unable to offer visa sponsorship for this position. Applicants must be authorized to work in the United States without the need for sponsorship now or in the future.
