Senior DevSecOps Engineer
Business Unit: Product Lifecycle Management-PLM
Requisition Number: 223950
Primary Location: United States-Ohio-Milford
Assignment Category: Full-time regular
Experience Level: Mid level
Education Required Level: Bachelor's Degree
Travel Required: No
Siemens is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability and internationality for more than 165 years. As a global technology company, Siemens is rigorously leveraging the advantages that this setup provides. To tap business opportunities in both new and established markets, the Company is organized in nine Divisions: Power and Gas, Wind Power and Renewables, Energy Management, Building Technologies, Mobility, Digital Factory, Process Industries and Drives, Healthineers and Financial Services.
The Siemens Digital Factory Division offers a comprehensive portfolio of seamlessly integrated hardware, software and technology-based services in order to support manufacturing companies worldwide in enhancing the flexibility and efficiency of their manufacturing processes and reducing the time to market of their products.
For more information, please visit:
1. Local to Milford / Cincinnati OH
2. Within three hour drive of Milford, OH
3. Remote, but within EST time zone
As a Senior DevSecOps Engineer you will possess strong knowledge of security strategies across infrastructure, operations and development and the ability to employ best practices in an enterprise scale continuous delivery environment. You will be counted on to interface between a number of organizations to help ensure that production applications are following best practices and achieving compliance with corporate and outside guidelines.
• Develop and improve standards for security (via security as code) across a continuous delivery environment and cloud based production deployments. Push DevSecOps culture internally and to outside teams.
• Work across development, DevOps and associated teams to help facilitate compliance and be a conduit of security best practices.
• Be the liaison to our security officer and team and ensure that critical warnings and compliance messages are broadcasted and understood.
• Work with vendors, R&D, and security teams to not only understand but achieve compliance of our production infrastructure to FedRAMP / PII and applicable NIST guidelines.
• 2yrs experience in Information Security-specific role.
• Friend to security associations like ISC(2), OWASP.
• Strong understanding of CI/CD concepts and processes, infrastructure as code, security as code, etc.
• Strong understanding of security concepts - best practices and application -- SSH, public key encryption, access credentials and certificates, TLS, data encryption in motion and at rest.
• Desire to make aspects of security fit into the model of code analysis and testing.
And at least one of the below:
• 5yrs with networking and network/system security, including firewalls, VPN, routing, switching, load balancers, monitoring, security and DNS.
• 3yrs experience running large scale online systems built on AWS or similar cloud providers.
• Experience with design and administration of container orchestration systems, specifically Kubernetes.
• Experience with compliance in any of the following: FedRAMP, PII, SOC 1&2.
You'd be a great fit if...
• You're excited to be part of a core group that defines security standards for thousands of developers.
• You enjoy figuring out how to make implementing and meeting those standards easy for the developers.
• You're motivated by both open-ended challenges and practical it-just-needs-to-get-done code: whatever has the most impact.
• You're eager to learn from your teammates and have something to teach them as well.
• You may have a particular area of expertise but think of yourself as a generalist who likes to challenge yourself in new areas (and wants to work with a team that encourages you to do so).