Smbc - White Plains, NY
posted 5 months ago
The DevSecOps Engineer Associate role at SMBC Group is a critical position within the Cyber Security and Information Risk department, focusing on safeguarding Capital Market's information systems. This role involves administering security projects and requires active participation in technical research and development for both on-premises and cloud solutions. The engineer will act as a liaison between Development, Operations, and Cybersecurity Risk teams, utilizing programming knowledge, threat management, and communication skills to integrate cybersecurity practices throughout the Software Development Life Cycle (SDLC). Reporting directly to the Head of Cyber Security of Capital Markets, with additional reporting lines to the regional Chief Information Security Officer (CISO) of the Americas Division and the Capital Markets' Chief Operating Officer (COO), this position is pivotal in ensuring that security measures are effectively implemented and maintained. The DevSecOps Engineer will be responsible for configuring, deploying, and maintaining Information Security systems and cloud services in alignment with SMBC's policies and standards. Collaboration with the DevOps team is essential to ensure that the Continuous Integration/Continuous Deployment (CI/CD) pipeline incorporates security measures from the outset. The role also involves ongoing technical research and development to foster innovation in Cyber Security and Information Risk management. Key objectives of this role include hands-on engineering and architecting of cybersecurity solutions using industry best practices to mitigate threats, partnering with Site Reliability Engineering (SRE) and DevOps teams to automate security controls within CI/CD pipelines, and tracking the remediation of vulnerabilities in code, containers, and infrastructure as code. The engineer will also implement automation for security compliance testing within the development lifecycle, develop and report Key Risk Indicators (KRIs) within the Secure SDLC processes, and present updates to management regarding project accomplishments, challenges, and risks.