Share this Job

DevSecOps Security Architect

Date: Jul 13, 2021

Location: CHICAGO, IL, US, 60603-4013

Company: Grainger Businesses

 

Primary Function:

 

The Security Architect serves as the senior most expert within the Information Security discipline.  Unlike traditional security functions, the Security Architect demonstrates a firm competence in the ability to evaluate security strengths and weaknesses across the broader enterprise, aligning to risk appetite, business requirements, and security control objectives. 

 

This opportunity is focused primarily in the DevSecOps space and related technologies, as such the ideal candidate will offer extensive end-to-end expertise in the security hardening of technologies and services related to this focus.

 

Principal Duties & Responsibilities: 

 

  • Security Consultation: Represent Information Security for IT projects and solutions
  • Security analysis and guidance: Work with Architects and Infosec members to continuously benchmark company security posture, capability and maturity against Industry benchmarks. 
  • Security Standards and Solutions; working with Architects and SMEs, establish security standards to prevent later re-work while driving maturity, efficiency and effectiveness.

 

Preferred Education & Experience: 

 

  • Demonstrated experience in driving security maturity, effectiveness, automations, standardization, and efficiency across DevSecOps environments.
  • 9+ years of IT Security Experience. Industry certifications are highly desired (i.e. CISSP, CCSP, CISSP / CCSK, or other vendor-specific offerings)
  • Highly technical and analytical expertise, with a proven background in security technology design. This individual must be comfortable providing metrics, analysis, and quantitative/qualitative evidence.
  • Cloud security expertise across leading cloud providers such as Amazon AWS, Microsoft Azure, and Google Cloud
  • Understanding of containers (e.g., Docker) and container orchestration technologies (e.g., Docker Swarm, Kubernetes), and microservices architecture
  • Understanding of CloudFormation, Terraform, Ansible, Jenkins, and other Infrastructure as Code solutions.
  • Understanding of vulnerability management and secure development tools such as SAST, DAST, IAST, and SCA.  Experience incorporating these offerings into CICD pipelines.
  • Proficiency in frameworks such as MITRE ATT&CK and OWASP ASVS with the ability to articulate implications to the Development teams and DevSecOps environment.
  • Understand OIDC/OAuth/SAML architecture and use patterns.
  • Experience or background in NIST, ISO27001, NICE or other security-related control framework.
  • Capable of scripting in Python, Bash, Perl or Powershell ideal.

 

 

Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.