JOIN OUR WINNING TEAM AS A SENIOR DEV OPS SECURITY ANALYST
AT CARFAX WE ARE CONSTANTLY EXPANDING OUR PRODUCT AND TECHNOLOGY
OFFERINGS! This means we are continually bringing new, innovative
products to market through exciting technology initiatives to help our
customers. Come join the success in Biz Tech. As a Senior Dev Ops
Security Analyst, you will be responsible for guiding technical teams in
building secure products in a DevOps model. The position is targeted to
enable better security as part of the software development lifecycle
through simple and automated tools that are easily integrated into a
developer's workflow. See if you have what it takes to join Team
CARFAX!
THE TECH CULTURE AT CARFAX
Having a creative and innovative environment where our techies can
collaborate, learn and grow is something CARFAX is passionate about. We
have an entire floor dedicated to our techies, designed specifically to
enable teams to dream big and produce the best. Along with creating and
maintaining awesome software, you’ll also be able to participate in our
quarterly Hack-a-thons or take a break by kicking back and playing the
latest game on Xbox when you need to reboot the mind. Oh, and do you
happen to have a dog? CARFAX is dog-friendly and no day goes by without
the chance to visit with one of the visiting pups. We
even provide the dog beds, bowls and of course, toys!
AS A SENIOR DEV OPS SECURITY ANALYST, YOU WILL:
- Serve as the technical point of contact for product teams as it relates to
automation, CI/CD, and DevSecOps
- Build tools and automation scripts that enable CARFAX developers to
easily consume security services
- Improve the accessibility of security through automation, continuous
integration pipelines, and other means
- Evaluate and recommend products and services across the corporate
security technology stack
- Research and advise on secure cloud architecture designs in line with best
practice
- Work with teams to identify threats and vulnerabilities by
performing threat assessments
- Develop technical assessments for new technologies, 3rd party
integration initiatives and provide technical support to facilitate
compliance with security policies
- Develop hardened operating baselines utilizing industry standards
and best practice
- Develop secure coding guidelines for personnel and provide security
awareness and technical training as required
- Perform and/or analyze vulnerability scans and penetration tests to
direct other parties in properly mitigating vulnerabilities
- Act as security incident response technical lead, performing forensic
investigations to determine root causes and appropriate
security response actions
QUALIFICATIONS:
- Bachelor's degree in computer science/related technical field or
equivalent experience
- 6+ years of experience developing secure software products using
TDD/Agile/XP/Lean methods
- Background in developing and releasing software products in cloud,
ecommerce and mobile environments
- Experience in various development tools, such as Jenkins, GitHub
- Comfortable with scripting languages, such as Python, Perl,
PowerShell or others
- Familiar with common APPLICATION STACK technologies (e.g., HTTP,
HTML5, AJAX, REST, JSON, etc.) and PLATFORMS (e.g., AWS, ReactJS,
AngularJS, Java, Spring Boot, MySQL, MongoDB, Hadoop, iOS,
Android, etc.)
- Familiar with containers and container management platforms
including Kubernetes
- Working knowledge of core CRYPTOGRAPHY concepts (Encryption, Key
Storage, Hashing, Crypto Libraries, etc.) and how they are applied
and attacked in applications
- Hands-on experience with port and network scanners (Nessus,
Nexpose, Nmap)
- Experience with web application scanners (Netsparker) and SAST/DAST
testing platforms including Veracode
- Experience working with leading firewall, network scanning and
intrusion detection products and authentication technologies (Cisco
ASA Firepower, F5 ASM, Sourcefire, Okta, etc.)
- Experience working with logging, alerting and file integrity
monitoring tools
- Deep knowledge of common application vulnerabilities, current threat
vectors and mitigations
- Knowledge of IP protocols, networks, security architectures and
security threats in an IP network
- Familiarity with IT security standards, compliance regulations and
best practice frameworks (ISO 27001, ISO 27002, NIST, OWASP, SANS,
SOX, ITIL, PCI DSS)
- Any of these preferred security certifications (CISSP, CSSLP, CEH,
GSSP, GWEB)
ABOUT CARFAX
CARFAX, a unit of IHS Markit (Nasdaq: INFO), helps millions of people
every day confidently shop, buy, own and sell used cars with innovative
solutions powered by Carfax vehicle history information. The expert in
vehicle history since 1984, Carfax provides exclusive services
like Carfax Used Car Listings, MyCARFAX, Carfax History-Based Value and
the flagship Carfax® Vehicle History Report™ to consumers and the
automotive industry. Carfax owns the world's largest vehicle history
database and is a nationally recognized top workplace by The Washington
Post and Glassdoor.com. Shop, Buy, Own, Sell – Show me the Carfax™.
Based in London, IHS Markit is a world leader in critical information,
analytics and solutions.