Overview
The role of Lead, DevSecOps Engineer is to develop, manage and execute upon security initiatives focused on Edge and Application Security. As part of Office Depot’s DevSecOps team, you’ll be responsible for integrating security into the development of a diverse set of customer-facing applications. As a subject matter expert in this area, you’ll leverage various tooling to analyze the security posture of both systems & applications while working independently and collaboratively to apply remediations around insufficient security ratings. Through collaboration with software development and platform engineers, you’ll pre-determine attack signatures and threat models, apply corresponding mitigation policies, protect control points within the application stack and facilitate application vulnerability scans/remediations. You’ll also be challenged to demonstrate your automation proficiency by accelerating remediation efforts to continuously improve security response times across our variety of end-points.
This is an opportunity to shape and strengthen our Edge Security practice. The ideal candidates should have advanced coding skills in Java, Python, Shell and YAML, preferably with a minimum of 3-5 years of experience in all of these or similar languages. Candidates should have 3+ years’ experience in at least two of the following roles: Application Security Engineer, DevOps, Software Engineering, leveraging automation extensively to achieve key deliverables.
Primary Responsibility:
- Develop, tune, implement and support security configurations designed specifically for customer-facing applications
- Web Application Security: Engineering, deployment, and operations of security policies with Akamai’s Web Application Firewall and Bot Management platform, including but not limited to creating WAF rules to mitigate threats.
- Develops automation for security implementations and workflow integration.
- Security Software Development: Scripting and Development in Python, Shell scripting and development in other languages.
- Develops advanced alerts/reports, including correlations, enrichments & dashboards that appropriately characterize web application attacks and mitigation mechanisms.
- Collaborates with key stakeholders within Security and Engineering teams to develop specific use cases to address both business and application needs.
- Focus on professional development through our wide array of learning opportunities for continued growth within the Office Depot team
Education & Experience:
- DevSecOps Experience:
  - Scripting experience: Python, Perl, Shell, YAML, RegEx
  - Development experience: Java, JavaScript
  - DevSecOps experience in maintaining and enhancing infrastructure as code with CloudFormation, Terraform, Puppet, Chef, Jenkins, ADO
  - Experience with using knowledge management and code repositories, including GitHub, Jira, and Confluence
  - Experience with Lambda, API Gateway
- Application Security:
  - Knowledge of SDLC processes
  - Knowledge of open source and commercial application security tools and frameworks
  - Experience with one or more of the following:
    - Imperva Web Application Firewall
    - Akamai (CDN, WAF)
    - AWS (CloudFront, Shield)
  - Experience with Web Application Firewall: management, policies and rule-sets
  - Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks
  - Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms
  - Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, Windows authentication framework etc.)
  - Excellent understanding of common network and web protocols
  - Excellent understanding of DDoS techniques and mitigation mechanisms
  - Excellent understanding of Cyber Security Operations, Incident Response processes
- Infrastructure:
  - System administration experience in a Windows and Unix environment
  - Experience working in a large enterprise environment
Technical Competencies:
- Java, JavaScript
- Python, Bash, Shell, YAML
- GitHub
- Atlassian JIRA
- CI-CD (Jenkins, Ansible, etc)
- Public Cloud IaaS & PaaS services (i.e. Compute / Database / / Storage)
- Ability to create standardized and customized alerting & mitigation policies
- Web Application Firewall: Imperva, Akamai, Public Cloud
- Web Application Vulnerability Scanning
- HTTP / WebSocket
- Linux/Unix basics
Benefits and Perks:
- 100% permanent remote work in the United States
- Medical / dental / vision, AD&D, and Life Insurance
- Paid Time Off (PTO) and company paid holidays
- Health Savings Account (HSA)
- Long Term Disability and Short-Term Disability
- 401(k) matching program
- Discounted auto, home, and pet insurance
- Retirement savings plan rollovers
- Banking services
- Military leave
- Employee Assistance Program (EAP)
- Regular pay for funeral/memorial service observance
- Discounts on Office Depot/Microsoft/Apple products and services
- Opportunity for professional growth and career advancement
Equal Employment Opportunity:
The company is committed to providing equal employment opportunities in all employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship status, marital status, age, disability, protected veteran status, sexual orientation, or any other characteristic protected by law. We will consider for employment qualified applicants with arrest and conviction records in alignment with the City & County of San Francisco Fair Chance Ordinance.
Varis is wholly owned by The ODP Corporation, which is the legal employer of Varis associates. ODP is an Equal Opportunity Employer.
At Office Depot, we offer our benefits around the 5 facets of Total Well-Being: Physical, Emotional, Work-Life, Financial, and Community. Here’s a look into what we offer:
Physical:
- Medical Insurance/Prescription Drugs
- Dental Insurance
- Vision Insurance
- Flu shots
Emotional:
- Mental Health Benefits
- Support Programs
- Employee Assistance Program (EAP)
Work-Life:
- Location Events & Activities
- Onboarding Plan & 'Buddy'
- Recognition & Rewards Programs
- Flexible Work Schedules
- Paid Holidays (as applicable by business unit)
- Paid Time Off (Full-Time Associates are eligible to receive up to 128 hours on a prorated basis in their first year of employment)
Financial:
- 401(k) and Roth Savings Plans
- Savings Plan Employer Match
- Commuter Benefits
- FSA/HSA Pre-Tax Benefits
- HSA Employer Match
- Discount Center
- Employee & Dependent Life and Accidental Death & Dismemberment
- Short & Long-Term Disability
Community:
- Charitable Giving
- Volunteering & Mentorship
- Associate Resource Groups focused on Diversity and Inclusion
At Office Depot, we offer our benefits around the 5 facets of Total Well-Being: Physical, Emotional, Work-Life, Financial, and Community. Here’s a look into what we offer:
Emotional:
- Employee Assistance Programs
Community:
- Associate Resource Groups focused on Diversity and Inclusion
Physical:
Work-Life:
- Part-Time Associates are eligible to receive up to 24 hours of paid time off on a prorated basis after their first year of employment
Financial:
- 401(k) and Roth Savings Plans
- Savings Plan Employer Match
- Discount Center
As the working world continues to evolve, so are we. Shifting from an office supplies retailer to a business services platform is not a simple task, nor is it one we take lightly. It requires the diverse talents and contributions from each and every associate – all driven by our 5C culture of Customer, Commitment, Change, Caring and Creativity. We’re working together to make a difference, challenge the status quo, and be the trusted experts that help our customers manage their businesses. We’ve got 40,000+ associates to date – and we’re always looking to add great talent to our team. The once-in-a-lifetime opportunity to help transform our company to fuel the businesses and communities around us is knocking. Start your #LifeAtDepot and discover how you can be a part of the transformation.