Manager, SecDevOps

Manager, SecDevOps

As a Manager, SecDevOps you will help translate Security Architecture’s vision into a well defined, measured and enforced program ensuring optimized delivery and strategic alignment between GRC, DevSecOps and Appsec. This role will bring together building security into Procore’s Cloud Platform and Multi-Tenant SaaS Application and will be influencing the design and implementation of cyber security standards and controls on Procore’s cloud platform, defining secure development practices, identifying threats and risks and leading secure by design efforts. You will be acting as an SME for our cloud environment and helping design solutions and practices for hard to solve security problems. You will be driving adoption of Policy as Code, Adherence to Software Security Metrics, Leading Vulnerability Management all informed by GRC and Architecture requirements. 

Want more jobs like this?

Get Software Engineering jobs that are Remote delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

A self-starter attitude, excellent communication, collaboration skills and dedication to innovative technologies are critical to this role.

Responsibilities

• Optimize strategy across the SecOps Blue team
• Work closely with engineers to write EPIC, Tasks and Stories to meet business objectives and clearly demonstrable results.
• Security Product Owner and Solutions Manager
• Operating in Agile or Kanban work methodologies
• Define, measure and enforce cloud security policies, standards, and best practices.
• Drive process development for Secure Coding Practices, Conduct Security Reviews and drive down security related technical debt in the platform and applications.
• Mentor engineering and operations staff on unique cloud-based security controls, Secure Coding Practices (to include extensive documentation and training on the ‘why’)
• Develop Software Security Assurance Practice within P&T Engineering & Cloud Platform Engineering
• Represent Procore in industry security meetings, act as security SME and advisor to customers looking to adopt Procore’s leading apps.
• Speak to customers about Procore’s security program when necessary
• Translate security objectives into engineering ready projects
• Foster a security first culture by partnering with dev teams and platform engineers to balance key performance and security.
• Create, Contribute to and Represent SecOps ADR’s
• Perform regular reviews and approval of cloud infrastructure Code, Platform Code, and Application Code for security, and cloud best practices. 
• Drive the adoption of Authentication and Authorization reference architectures for secure management of cloud infrastructure. 
• Educate peers on applying the latest cloud native security technologies when developing new services, systems, and applications.
• Contribute to a secure/compliant cloud-native service catalog.
• Collaborate with engineering and operations teams to implement and automate security controls and processes cloud-native security monitoring, tooling, and reporting.

Qualifications

• BA/BS degree in Computer Science OR equivalent practical experience
• Experience working in Platform Engineering, DevOps, DevSecOps or Building SaaS Applications or Architecture
• At least 5 years of Security focus and leading secure design security reviews in large engineering organizations
• Experience in leading Security Engineering Teams in a Platform / SaaS Application Development Organization
• Minimum 1 year of experience with active compliant environments, eg PCI-DSS, HITRUST, FEDRAMP, ISO 27001 or similar regulated industries.
• AWS or other Cloud Certifications
• Knowledge of risk assessment tools, technologies, and methods
• At least 3 years building platform, applications, and services on cloud infrastructure.
• Sound knowledge of AWS, Kubernetes, Containers, Microservices with experience reviewing, recommending and fixing security issues in the code with specific focus on OWASP Top Ten.
• Experience with Infrastructure-as-Code products like Terraform and CloudFormation.
• Experience with Policy-as-code solutions like Terraform Sentinel and Bridgecrew
• Deep understanding of security principles including encryption, authentication, etc.
• Thorough understanding of networking protocols such as TCP/UDP, SSL/TLS, IPSec, etc.
• Product Ownership for full lifecycle management

 Preferred Qualifications:

• Designing secure networks, systems, and application architecture
• Basic encryption theory and key management (PKI)
• Host or Network Based Intrusion Detection Tools (HIDS/NIDS)
• Compliance Automation
• Relevant security qualifications
• Knowledge of Edge and Device Security
• Prior expertise in Blue and Red Teams a plus
• Knowledge in creating and advancing GRC teams