Job Description
Fortive is currently seeking a seasoned DevSecOps Manager to join the growing global Security team. We are looking for an experienced DevSecOps Manager - Secure Coding Subject Matter Expert to join our Product Security function to provide guidance, support and measurement as it relates to secure design, secure coding, security testing and automation to enable DevOps teams to securely build software applications and systems. You will work with management, product development engineering, and operations teams on cross-functional projects throughout the organization to enhance the security posture across the enterprise product portfolio, perform training, add context and priority to security-related findings, and support the Incident Response team as needed. This role requires enthusiasm, attention to detail, and an insatiable commitment to positive outcomes.
This position will report directly to the Director of Product Security.
Key Duties and Responsibilities:
- Ownership of the Secure Coding Program including the ownership for the development, testing, and delivery of processes and tools to streamline secure coding practices, tooling, implementation, and continuous compliance.
- Act as a security advisor to developers, architects, engineers, security engineers and other stakeholders to ensure we design confidentiality, integrity, resiliency, and privacy into Fortive's products and services.
- Build, train and mentor product developers, engineers, and DevOps teams across the enterprise in secure coding practices.
- Work with the product teams to support proactive research in the area of secure coding, integrate new languages, and investigate new tooling to mitigate emerging threats, vulnerabilities, tactics, techniques and procedures.
- Integrate Secure Coding toolsets into product teams' CI/CD pipelines.
- Integrate SAST findings into product team agile management tooling (e.g., Jira).
- Create Key Performance Indicators (KPI) to accurately measure cyber security activities aligned with current business strategies and risk management frameworks.
- Work with standardization and regulatory frameworks such as FedRAMP, ISO 27001, CIS Critical Security Controls, NIST CSF frameworks, Cloud Security Alliance, PCI DSS, GDPR.
- Other duties and obligations as assigned by the Director of Product Security.
Minimum Qualifications:
- Demonstrated experience managing secure coding initiatives in a highly fluid enterprise-level product and service development environment.
- Experience managing vendors and service providers and performing oversight for the delivery of security capabilities.
- Significant technical knowledge of product development languages, secure coding standards, product security programs, concepts, processes, trends, and best practices.
- Demonstrated knowledge of aligning secure coding practices with current compliance frameworks.
Preferred Qualifications:
- 8-15 years of relevant experience.
- Strong background in secure coding; deep knowledge of security standards, protocols and methodologies.
- Excellent problem-solving and analytical skills with the ability to evolve product security and secure coding practices based on research, data, and industry trends.
- Mastery-level experience using multiple programming languages such as C, C++, Java, .NET, Go, and Rust and their associated secure coding practices; mapping secure coding standards to practices that satisfy security requirements; and coordinating efforts to scope, implement, and deploy secure coding practices in automated CI/CD environments.
- Strong focus on API secure coding and Web Application secure coding.
- Strong communication and presentation skills with the ability to interact at all levels of the organization.
- Proven success managing cross-functional enterprise security programs.
- Possess a passion and drive for cyber-security, with an active interest in and knowledge of current trends and emergent threats.
- Experience with orchestration/automation solutions would be helpful.
- Strong ethics, integrity, attention to detail, and self-motivation to succeed against challenges.
- Proven capability and desire to diligently deliver high-quality work, as an individual or part of a team, to agreed specifications and timelines.
- Demonstrably strong verbal and written communication skills when communicating with peers, seniors, juniors, or customers.
- Experience in product development, quality assurance, or a security-related role within a product development team.
- Familiarity with, understanding of, and demonstration of the attacker mindset, towards providing better coverage against threats.
Employment Category:
Employment Type: Full time
Industry: Manufacturing
Role Category: General / Other Software
Functional Area: Not Applicable
Role/Responsibilities: DevSecOps Manager - Secure Coding SME
Keyskills:
security testing
web application
secure coding
cyber security
cloud security