Senior Security Engineer, DevSecOps

Delta Air Lines - Atlanta, GA

posted 4 days ago

Full-time - Senior
Atlanta, GA
Air Transportation

About the position

The Senior Security Engineer, DevSecOps at Delta Air Lines is responsible for enhancing the security posture of the organization by implementing DevSecOps practices. This role involves building and maintaining application security testing processes, conducting code reviews, and ensuring secure coding practices are followed. The engineer will work closely with development teams to integrate security into the CI/CD pipeline and will lead educational sessions on security tools and best practices. The position requires a strong background in cloud technologies and security tools, as well as the ability to solve complex technical problems effectively.

Responsibilities

  • Lead projects to implement tools in CI/CD pipelines for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Source Code Analysis (SCA) using VeraCode.
  • Work with tools like Sonatype Nexus to track and block risky third-party components.
  • Secure containers within ROSA, Tekton, and OpenShift pipelines.
  • Design, develop, and maintain Cloud DevSecOps processes across multiple technical organizations.
  • Guide development teams in integrating new services into the CI/CD pipeline and troubleshoot installations.
  • Utilize CI tools such as Jenkins, Tekton, CircleCI, and AWS Code Pipeline.
  • Facilitate training on enterprise tools and best practices.
  • Collaborate with Agile teams to support technical solutions in full-stack development.
  • Apply software development skills to recommend secure coding practices.
  • Conduct security assessments against web applications and APIs.
  • Perform technical design and code reviews.
  • Drive improvements in security testing practices and awareness in the developer community.

Requirements

  • B.S. in a technical or scientific field.
  • 7 years of software and development experience, with 5+ years in DevSecOps technologies.
  • 5+ years of hands-on experience with Cloud and/or DevSecOps technologies.
  • Experience with API testing tools like Postman or BurpSuite.
  • Excellent understanding of DevSecOps techniques and processes.
  • Familiarity with AWS well-architected framework or TOGAF.
  • Experience building and supporting applications in AWS, Azure, or GCP.
  • Knowledge of the OWASP Top 10 and vulnerability risk assessment.
  • Strong written and verbal communication skills.

Nice-to-haves

  • Extensive experience in application security and ethical hacking.
  • Professional certifications such as AWS practitioner or CISSP.
  • Experience integrating secure coding techniques with product teams.

Benefits

  • Competitive salary and performance incentives.
  • 401(k) with generous company contributions up to 9%.
  • Up to 2 weeks of vacation for new hires.
  • 56 hours of paid personal time within a 12-month period.
  • 10 paid holidays per year.
  • 12 weeks of paid maternity/parental leave for birthing parents.
  • 2 weeks of paid parental leave for non-birthing parents.
  • Comprehensive health benefits including medical, dental, and vision.
  • Family care assistance including fertility support and adoption assistance.
  • Holistic Wellbeing programs for physical and mental health support.
  • Domestic and International flight privileges for employees and family members.
  • Career development programs for long-term goals.
  • Community service engagement and sustainability initiatives.
  • Recognition rewards through Unstoppable Together platform.
  • Access to discounts and voluntary benefits through Deltaperks.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service