Sr. Container Application Security Engineer
ADP - roseland, NJ
Apply NowJob Description
ADP is hiring a Senior Container Application Security Engineer This Hybrid role can sit in Roseland, NJ or Alpharetta, GA Unlock Your Career Potential: Global Security Organization at ADP. Do you have a passion for going on the offensive to safeguard critical information? As ADP's Global Security Organization (GSO), we know that our clients rely on us for human capital management solutions, but beyond that, they entrust us with one of their most valuable assets - their employee data. We are honored by this trust and are laser focused on securing data at every step in the information lifecycle, ensuring integrity, confidentiality and compliance with industry and government regulations at all times. From the cloud to the data center and across every emerging device, you'll join a team of experts in the GSO who are always staying one step ahead in this ever-changing world of data by continually evolving our strategies and technologies to protect ADP and our clients. A little about ADP: We are a global leader in HR technology, offering the latest AI and machine learning-enhanced payroll, tax, HR, benefits, and much more. We believe our people make all the difference in cultivating an inclusive, down-to-earth culture that welcomes ideas, encourages innovation, and values belonging. A global Best Places to Work, DiversityInc® Top 50 Company, Best CEO and company for women, LGBTQ+, multicultural talent, and more, ADP has a deep commitment to diversity, equity, and inclusion. Learn more about ADP's commitment on our YouTube channel: The mission of the GSO Enterprise Application Security [EAS] team is to protect ADP's internally developed products from existing and emerging security threats. We improve internal product security posture by integrating and automating security controls early in the product development life cycle and aid in uncovering security risks. This work empowers and supports development teams to recognize and address security risks in a timely manner. The EAS team has an opening for a Senior Container Application Security Engineer to design, implement, and manage container security scanning services. This role involves partnering with key stakeholders to assess security risks and establish a governance framework for the secure use of container images before their release into production. What You'll Do: Drive container security operations including supply chain risk initiatives across ADP's different business units. Build and Support security into the DevOps pipelines & help institutionalize the security scanning of container images in line with shift left strategy. Provide support for managing supply chain vulnerabilities, image provenance, adversarial container security, and governance risk, and compliance (GRC) Assist in developing solutions to generate a Container Security Bill of Materials (CSBom) and Vulnerability Exchange (VEX) Promote a culture around secure container development through training, governance, and metrics. Maintain awareness of container cybersecurity threats and best practices to enable securing and hardening at scale. Customize policies, rules, and alerts to comply with established policies and settings. Bring thought leadership into the program and drive excellence. Metrics/Reporting Identify meaningful KPIs/KRI's to drive progress and improvement Provide weekly Scanning and Monitoring reports. Create and maintain Standard Operating Procedures (SOP) Perform other duties as required. Experience You'll Need: Basic knowledge and understanding of container security vulnerabilities (OWASP). Understanding of container image formats such as Docker, OCI, etc. Experience in implementing and rolling out container scanning solutions as part of container development. Familiarity with internet technologies and web development secure coding best practices. Understanding CI/CD pipelines covering source control, integration, and deployment (ex: Bitbucket, Jenkins, Rally, JIRA, Artifactory, Nexus, SonarQube, git, Snyk). Previous software engineering/architecture experience (Java, C#, .Net, JavaScript, Python) preferred. Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines. Experience in training development teams on secure container practices. Basic understanding of Test Automation tools and framework - NIST Container Security Framework. Ability to communicate security-related concepts to technical and non-technical staff. Understanding of Agile methodologies, Cloud, and Container Security. Good problem-solving skills, communication and presentation skills. Ability to work effectively as part of a remote team. Self-motivated with a positive attitude. Qualifications: Bachelor's degree or equivalent. A plus if you have degree in computer science, Information / Cyber Security, Computer Systems Engineering, Computer Information Systems, or equivalent education and experience required. Five years or more experience in various IT or cybersecurity roles, with three or more years of experience specifically in software engineering roles. Basic knowledge and understanding of container security and related risks. Familiarity with internet technologies and web development best practices. Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines. Ability to communicate security-related concepts to a broad range of technical and non-technical stakeholders. Understanding of Agile methodologies and container & cloud security. Familiarity with microservices architecture and design patterns. Good analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk. Any of the following are a plus but not necessary: CEH, CISSP, CSSLP, GCIA, GPEN, GWAPT YOU'LL LOVE WORKING HERE BECAUSE YOU CAN: Have courageous team collaboration. Courage comes from how associates are willing to have difficult conversations, speak up, be an owner, and challenge one another's ideas to net out the best solution. Deliver at epic scale. We deliver real user outcomes using strong judgment and good instincts. We're obsessed with the art of achieving simplicity with a focus on client happiness and productivity. Be surrounded by curious learners. We align ourselves with other smart people in an environment where we grow and elevate one another to the next level. We encourage our associates to listen, stay agile, and learn from mistakes. Act like an owner & doer. Mission-driven and committed to leading change, you will be encouraged to take on any challenge and solve complex problems. No tasks are beneath or too great for us. We are hands-on and willing to master our craft. Give back to others. Always do the right thing for our clients and our community and humbly give back to the community where we live and work. Support our associates in times of need through ADP's Philanthropic Foundation. Join a company committed to equality and equity. Our goal is to impact lasting change through our actions. What are you waiting for? Apply today! Find out why people come to ADP and why they stay: (ADA version: )
Created: 2024-11-09