Senior Software Engineer DevSecOps, Application Security

• As a DevSecOps Specialist for Pega Infinity and Launchpad, you'll become a subject matter expert in their design and architecture
• We're looking for a seasoned DevSecOps Engineer skilled in integrating security throughout the development lifecycle
• At Pega Systems, you'll play a key role in advancing our security practices by designing robust frameworks, automating security practices, and fostering a security-first culture
• You'll join a team of dedicated and spirited individuals committed to building a world-class low-code product
• We embrace a "work hard, play hard" ethos, driven by passion and ownership to achieve meaningful results
• If you're eager to contribute to cutting-edge projects and enhance our security posture, join us in a forward-thinking organization that values continuous improvement and professional growth

Picture Yourself At Pega

• As a Senior DevSecOps Engineer at Pega, you will be one of the key members of the integration of security practices into the DevOps lifecycle, ensuring that security is a core component of software development and deployment
• You will design and implement automated security testing tools and processes within CI/CD pipelines, enhancing security coverage and efficiency

What You'll Do At Pega

• Learn the Pega platform to ensure its security posture remains intact
• Integrate security practices into the DevOps pipeline, embedding security throughout development and deployment
• Understand Pega products and incorporate security best practices at every level
• Design and implement automated security testing tools and processes within CI/CD pipelines to enhance efficiency and coverage
• Conduct risk assessments and threat modeling to identify vulnerabilities and propose balanced mitigation strategies
• Collaborate with incident response teams to quickly identify, contain, and remediate security incidents, and conduct post-incident analyses
• Work closely with cross-functional teams to promote a security-first mindset across the organization
• Have a good understanding of tools like Veracode, JFrog Xray, Trivy, Revenera
• Good expertise in understanding of security testing methodologies, such as SAST, DAST, and penetration testing along with good proficiency with tools like OWASP ZAP, Burp Suite, or Fortify is highly recommended
• Stay current with emerging security trends and technologies to drive continuous improvement in the organizations security posture
• Mentor junior team members and guide them in solving issues
• Collaborate with stakeholders such as the support team and release management
• Create and curate knowledge base articles to improve documentation

Who You Are

• You are a seasoned DevSecOps professional with expertise in integrating security throughout the DevOps lifecycle and automating testing frameworks
• Proficient in any of the programming languages like Python, Java, or Go, and tools such as Jenkins, Docker, and Kubernetes, you excel in technical problem-solving and collaboration with cross-functional teams
• A continuous learner, you stay updated on security trends and thrive in dynamic environments, always enhancing security practices
• As a proactive and adaptable team player, you embrace feedback, engage in retrospection, and are driven by measurable results and self-improvement

What You've Accomplished

• 4-6 years of successfully embedding security into DevOps processes, automated testing frameworks, and led initiatives to enhance the organization's security posture, demonstrating expertise in risk assessment, vulnerability management, and cross-functional collaboration
• CI/CD Tools: Proficient in Jenkins, GitLab CI/CD, Travis CI, or CircleCI (Any 2 CI/CD tools) for integrating security into automated pipelines, ensuring security is central to development and deployment
• Security Testing Tools: Expertise in SAST tools like SonarQube or Fortify and DAST tools such as OWASP ZAP or Burp Suite
• Vulnerability Management: Familiar with Nessus, Qualys, or OpenVAS for vulnerability assessments and remediation
• Automation and Programming: Developed automated security testing frameworks, reducing deployment time and enhancing security
• Skilled in languages like Python, Java, or Go, and scripting with Bash or PowerShell
• Security Standards: Understanding of frameworks like NIST, ISO 27001, and compliance with GDPR
• Risk and Threat Management: Conducts risk assessments and threat modeling to identify and mitigate risks
• Collaboration and Communication: Excellent at working with cross-functional teams and communicating complex security concepts to various stakeholders
• Problem Solving: Strong analytical skills to identify vulnerabilities and devise effective solutions
• Continuous Improvement: Committed to staying updated on security trends and applying new knowledge to enhance practices
• Additional Skills: Knowledge of Agile/Scrum methodologies and Security certifications like CISSP, CISM, CEH, or OSCP are beneficial
• Good to have skills Have a basic understanding of tools like Veracode, JFrog Xray, Trivy, Revenera would be an added advantage

Pega Offers You

• A rapidly growing yet well-established business
• The worlds most innovative organizations as reference-able clients
• Gartner Analyst acclaimed technology leadership across our categories of products
• Continuous learning and development opportunities
• An innovative, inclusive, agile, flexible, and fun work environment
• Competitive global benefits program inclusive of pay + bonus incentive
• Employee equity in the company