ADP - Alpharetta, GA

posted 4 days ago

Full-time - Senior
Alpharetta, GA
Professional, Scientific, and Technical Services

About the position

The Senior Container Application Security Engineer at ADP will play a crucial role in safeguarding the company's containerized applications by designing, implementing, and managing container security scanning services. This position is part of the Global Security Organization (GSO) and focuses on integrating security controls early in the product development lifecycle, assessing security risks, and establishing governance frameworks for secure container image usage. The engineer will collaborate with various stakeholders to enhance the security posture of ADP's products and promote a culture of secure container development.

Responsibilities

  • Drive container security operations including supply chain risk initiatives across ADP's different business units.
  • Build and support security in the DevOps pipelines and help institutionalize the security scanning of container images in line with a shift-left strategy.
  • Provide support for managing supply chain vulnerabilities, image provenance, adversarial container security, and governance risk and compliance (GRC).
  • Assist in developing solutions to generate a Container Security Bill of Materials (CSBom) and Vulnerability Exchange (VEX).
  • Promote a culture around secure container development through training, governance, and metrics.
  • Maintain awareness of container cybersecurity threats and best practices to enable securing and hardening at scale.
  • Customize policies, rules, and alerts to comply with established policies and settings.
  • Bring thought leadership into the program and drive excellence.
  • Identify meaningful KPIs/KRIs to drive progress and improvement.
  • Provide weekly scanning and monitoring reports.
  • Create and maintain Standard Operating Procedures (SOP).
  • Perform other duties as required.

Requirements

  • Basic knowledge and understanding of container security vulnerabilities (OWASP).
  • Understanding of container image formats such as Docker, OCI, etc.
  • Experience in implementing and rolling out container scanning solutions as part of container development.
  • Familiarity with internet technologies and web development secure coding best practices.
  • Understanding of CI/CD pipelines covering source control, integration, and deployment (e.g., Bitbucket, Jenkins, Rally, JIRA, Artifactory, Nexus, SonarQube, git, Snyk).
  • Previous software engineering/architecture experience (Java, C#, .NET, JavaScript, Python) preferred.
  • Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
  • Experience in training development teams on secure container practices.
  • Basic understanding of Test Automation tools and framework - NIST Container Security Framework.
  • Ability to communicate security-related concepts to technical and non-technical staff.
  • Understanding of Agile methodologies, Cloud, and Container Security.

Nice-to-haves

  • Any of the following are a plus but not necessary: CEH, CISSP, CSSLP, GCIA, GPEN, GWAPT.

Benefits

  • Diversity, Equity, and Inclusion initiatives
  • Philanthropic Foundation support for associates in need
  • Opportunities for professional development and training
  • Flexible work environment with hybrid options
  • Collaborative and inclusive company culture