ADP is hiring a Senior Container Application Security Engineer
This Hybrid role can sit in Roseland, NJ or Alpharetta, GA
Unlock Your Career Potential: Global Security Organization at ADP. Do you have a passion for going on the offensive to safeguard critical information?
As ADP’s Global Security Organization (GSO), we know that our clients rely on us for human capital management solutions, but beyond that, they entrust us with one of their most valuable assets — their employee data. We are honored by this trust and are laser focused on securing data at every step in the information lifecycle, ensuring integrity, confidentiality and compliance with industry and government regulations at all times.
The EAS team has an opening for a Senior Container Application Security Engineer to design, implement, and manage container security scanning services. This role involves partnering with key stakeholders to assess security risks and establish a governance framework for the secure use of container images before their release into production.
What You’ll Do:
- Drive container security operations including supply chain risk initiatives across ADP’s different business units.
- Build and support security in the DevOps pipelines and help institutionalize the security scanning of container images in line with a shift-left strategy.
- Provide support for managing supply chain vulnerabilities, image provenance, adversarial container security, and governance, risk, and compliance (GRC).
- Assist in developing solutions to generate a Container Security Bill of Materials (CSBom) and Vulnerability Exchange (VEX).
- Promote a culture around secure container development through training, governance, and metrics.
- Maintain awareness of container cybersecurity threats and best practices to enable securing and hardening at scale.
- Customize policies, rules, and alerts to comply with established policies and settings.
- Bring thought leadership into the program and drive excellence.
- Metrics/Reporting:
  - Identify meaningful KPIs/KRIs to drive progress and improvement.
  - Provide weekly Scanning and Monitoring reports.
- Create and maintain Standard Operating Procedures (SOP).
- Perform other duties as required.
Experience You'll Need:
- Basic knowledge and understanding of container security vulnerabilities (OWASP).
- Understanding of container image formats such as Docker, OCI, etc.
- Experience in implementing and rolling out container scanning solutions as part of container development.
- Familiarity with internet technologies and web development secure coding best practices.
- Understanding of CI/CD pipelines covering source control, integration, and deployment (e.g., Bitbucket, Jenkins, Rally, JIRA, Artifactory, Nexus, SonarQube, git, Snyk).
- Previous software engineering/architecture experience (Java, C#, .Net, JavaScript, Python) preferred.
- Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
- Experience in training development teams on secure container practices.
- Basic understanding of Test Automation tools and framework - NIST Container Security Framework.
- Ability to communicate security-related concepts to technical and non-technical staff.
- Understanding of Agile methodologies, Cloud, and Container Security.
- Good problem-solving skills, communication and presentation skills.
- Ability to work effectively as part of a remote team.
- Self-motivated with a positive attitude.
Qualifications:
- Bachelor’s degree or equivalent.
- A plus if you have a degree in Computer Science, Information/Cyber Security, Computer Systems Engineering, Computer Information Systems, or equivalent education and experience required.
- Five years or more experience in various IT or cybersecurity roles, with three or more years of experience specifically in software engineering roles.
- Basic knowledge and understanding of container security and related risks.
- Familiarity with internet technologies and web development best practices.
- Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
- Ability to communicate security-related concepts to a broad range of technical and non-technical stakeholders.
- Understanding of Agile methodologies and container & cloud security.
- Familiarity with microservices architecture and design patterns.
- Good analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
- Any of the following are a plus but not necessary: CEH, CISSP, CSSLP, GCIA, GPEN, GWAPT.
What are you waiting for? Apply today!