Location
Madison, WI, United States
Posted on
Feb 22, 2022
Profile
At American Family Insurance, we believe people are an organization's most valuable asset, and their ideas and experiences matter. From our CEO to our agency force, we're committed to growing a diverse and inclusive culture that empowers innovation that will inspire, protect, and restore our customers' dreams in ways never imagined.

American Family Insurance is driven by our customers and employees. That's why we provide more than just a job - we provide opportunity. Whether you're already part of our team in search of a new challenge or new to our company and ready for what's next, you're in the right place. Every dream is a journey that starts with a single step. Start your journey right here. Join our team. Bring your dreams.

Job ID: R26594 DevSecOps Manager - Open to Remote! (Open)

Compensation may vary based on the job level and your geographic work location.
Compensation Minimum: $111,200
Compensation Maximum: $194,900

Summary:
As the DevSecOps Manager, you will have the opportunity to demonstrate the depth and breadth of your knowledge of managing application security policies and procedures. You will also lead, nurture, empower and encourage a diverse first-in-class technical team. You will connect with your team by supporting their continued career growth and by encouraging them to take advantage of training and continuing education opportunities. Additionally, while in this role, you will foster trust through building strong interpersonal/intergroup relationships with stakeholders such as Engineering, Product, Security and IT. These relationships will be an important facet of your role and your ability to coordinate and manage projects. Another essential aspect of your relationship with Engineering will be working to prioritize security during the entire software development life cycle, as well as providing them with the tools and programs to do so, including threat modeling, secure code reviews, static/dynamic testing, container scanning and tooling.
You will assist in the creation of our corporate strategy pertaining to application security and governance. You will review policies, procedures, and training related to application security and information governance. Do you enjoy thinking outside-the-box? Do you have experience with designing creative approaches to scale security through automation and communication? Do you like using a wide array of cloud platforms and technologies such as Gitlab, Jenkins, Ansible, Puppet, Terraform and Octopus? If the answer is yes, we invite you to join our AmFam DevSecOps Team!

Job Description:

Job Level Summary
- Manages professional employees and/or supervisors.
- Has accountability for the performance and results of a team within own area of specialty.
- Adapts plans and priorities with urgency to address resource and operational challenges.
- Decisions and problem solving are guided by policies, procedures and department plan; receives guidance from manager.
- Provides technical guidance to employees, colleagues and/or customers.

Primary Accountabilities
- Develop security strategies for existing and emerging business needs and maintain a security technology roadmap to deliver new capabilities.
- Drive the selection, architecture and design, implementation and maintenance of the Company's security technology.
- Directs the research into emerging tools, techniques and methods for detecting and addressing evolving threats to enterprise digital assets.
- Oversees the development and implementation of cyber security and information risk management capabilities and services that support and protect enterprise digital assets in accordance with enterprise policies and standards.
- Establishes methodologies to provision users and provide identity access management duties within American Family enterprise.
Ensures the methodologies address business needs and demonstrate compliance with federal mandates and industry standards.
- Manages active monitoring of systems to identify anomalies and potential threats as they occur and takes actions to eliminate the threats.
- Manages implementation of a methodology to measure and report current and future security vulnerabilities and establishes remediation plans.
- Manages security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities.
- Establishes, communicates, and implements departmental plans, objectives, and strategies.
- Manages relationships with multiple stakeholders, understanding the business drivers and the future direction of the business. Provides information security architecture/systems engineering and security standards consulting to the business areas.
- Manages direct reports, systems and projects to achieve department/unit goals in accordance with Company policies and practices.
- Manages the budget, including continually seeking efficiencies and cost reductions.
- Provides leadership by exhibiting influence and expertise, thus affecting the results of the area.
- Develops staff through coaching, providing performance feedback, providing effective performance assessments and establishing performance & development plans.

Specialized Knowledge & Skills Requirements
- Demonstrated experience providing customer-driven solutions, support or service
- High level of integrity, trustworthiness and confidence, representing the Enterprise and its leadership team with the highest level of professionalism.
- Demonstrated management or leadership experience
- Demonstrated experience delivering complex security solutions, such as Cloud, Vulnerability Management, Identity & Access Management, Network Access Control, IDS/IPS or similar security technologies
- Demonstrated experience managing relationships with internal and external partners
- Extensive knowledge and understanding of security best practices, as they apply to industry standards, legal mandates, and corporate policies
- Extensive knowledge and understanding of security operations and control frameworks
- Solid knowledge and understanding of various frameworks/regulations such as PCI, NIST Cybersecurity Framework, ISO27001 or similar
- Solid knowledge and understanding of computing platforms and applications

Travel Requirements
This position requires travel up to 15% of the time.

Additional Job Information:

Responsibilities
- Effectively mentor and manage a team of security and software developers including their projects and performance
- Responsible for the delivery of application security functions and supporting business processes to keep AmFam workloads secure both on-prem and public clouds
- Evaluation, selection, onboarding and management of AppSec vendors and consultants
- Lead through example and provide DevSecOps thought leadership in areas of CI/CD and continuous testing & certification, site reliability within a Cloud-based microservices and data architecture based on previous industry experience with large scale cloud platforms
- Ensure teams technical growth in DevSecOps and Testing approaches for large-scale cloud offerings.
- Partnering with the AmFam and OpCo DevOps teams to optimize enterprise DevSecOps tooling and deployment methods.
- Work closely with cross-disciplined teams of engineers to implement innovative DevSecOps solutions
- Oversee day-to-day operations of deployment pipelines, working with teams to optimize and improve quality, delivery lead times and deployment frequency
- Knowledgeable about security principles and practices and enforce, when needed
- Act as technical product owner for the team
- Automate security testing and vulnerability management procedures where reasonable.
- Integrate security into the build/deployment process.
- Provide training and education to developers on software security best practices in various cloud-based systems.
- Develop, recommend, evaluate, integrate, deploy, and maintain security tools including static and dynamic analyzers, fuzzers, security frameworks, etc.
- Develop Secure patterns for different tech stacks and evangelize the patterns to the larger developer community
- Identify gaps in existing security architecture and design and recommend changes or enhancements
- Partner with engineering teams to integrate security controls into continuous integration, delivery and deployment processes
- Build and review existing PSIRT processes to ensure rapid incident response and collaboration with Cyber Fusion for timely handling of zero day application security events/vulnerabilities

Job Requirements
- 5 years of engineering management experience leading productive, high functioning teams
- Growth mindset and excellent prioritization skills
- Knowledge of the nature and sources of web application and database vulnerabilities, how to identify and exploit them
- Knowledge of the nature and sources of network and host application vulnerabilities
- Vast knowledge in computer security issues, requirements and trends
- Hands on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP top 10, CWE top 25 and SANS 25
- Programming experience in Java, J2EE/Spring, NodeJS
- Experience on Authentication, Single Sign-On Infrastructure (AD, Azure AD, Okta, Ping Federate); Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
- Deep understanding of HTTP and SSL/TLS protocols, and Web applications
- Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
- Ability to perform security-focused code reviews on cloud based and on prem solutions
- Review application architectures and implementation details for design flaws, incorrect security implementation and missing security controls
- Extensive experience in usage related Identity & Access Management & defining standards around data at & data in transit - encryption, authorization, authentication, and security mechanisms, especially the foundational elements of the Public Key Infrastructure & Certificate management
- Offer to selected candidate will be made contingent on the results of applicable background checks
- Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions

This role can be remote.

When you work at American Family you can expect benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, and a paid-time off program. In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Enterprise benefits.

We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

Stay connected: Join Our Enterprise Talent Community!