ADP - Roseland, NJ

posted 4 days ago

Full-time - Mid Level
Roseland, NJ
Professional, Scientific, and Technical Services

About the position

The Senior Container Application Security Engineer at ADP is responsible for designing, implementing, and managing container security scanning services. This role focuses on safeguarding critical information by assessing security risks and establishing a governance framework for the secure use of container images. The engineer will drive container security operations, support DevOps pipelines, and promote secure container development practices within the organization.

Responsibilities

  • Drive container security operations including supply chain risk initiatives across ADP's different business units.
  • Build and support security into the DevOps pipelines and help institutionalize the security scanning of container images in line with a shift-left strategy.
  • Provide support for managing supply chain vulnerabilities, image provenance, adversarial container security, and governance, risk, and compliance (GRC).
  • Assist in developing solutions to generate a Container Security Bill of Materials (CSBom) and Vulnerability Exchange (VEX).
  • Promote a culture around secure container development through training, governance, and metrics.
  • Maintain awareness of container cybersecurity threats and best practices to enable securing and hardening at scale.
  • Customize policies, rules, and alerts to comply with established policies and settings.
  • Bring thought leadership into the program and drive excellence.
  • Identify meaningful KPIs/KRIs to drive progress and improvement.
  • Provide weekly scanning and monitoring reports.
  • Create and maintain Standard Operating Procedures (SOP).
  • Perform other duties as required.

Requirements

  • Basic knowledge and understanding of container security vulnerabilities (OWASP).
  • Understanding of container image formats such as Docker, OCI, etc.
  • Experience in implementing and rolling out container scanning solutions as part of container development.
  • Familiarity with internet technologies and web development secure coding best practices.
  • Understanding CI/CD pipelines covering source control, integration, and deployment (ex: Bitbucket, Jenkins, Rally, JIRA, Artifactory, Nexus, SonarQube, git, Snyk).
  • Previous software engineering/architecture experience (Java, C#, .Net, JavaScript, Python) preferred.
  • Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
  • Experience in training development teams on secure container practices.
  • Basic understanding of Test Automation tools and framework - NIST Container Security Framework.
  • Ability to communicate security-related concepts to technical and non-technical staff.
  • Understanding of Agile methodologies, Cloud, and Container Security.
  • Good problem-solving skills, communication and presentation skills.
  • Ability to work effectively as part of a remote team.
  • Self-motivated with a positive attitude.

Nice-to-haves

  • Degree in computer science, Information / Cyber Security, Computer Systems Engineering, Computer Information Systems, or equivalent education and experience required.
  • Any of the following are a plus but not necessary: CEH, CISSP, CSSLP, GCIA, GPEN, GWAPT.

Benefits

  • Inclusive and diverse workplace culture.
  • Opportunities for professional development and learning.
  • Support for community involvement through ADP's Philanthropic Foundation.