Looking for Lead DevSecOps Engineer – CI/CD & Security Integration to join Capgemini/Sogeti as a consultant.
Sogeti, a subsidiary of Capgemini, is seeking a dynamic and experienced Consultant to join our team. With a strong emphasis on our people and partnerships, we foster a "People centric" culture where innovation thrives. If you have 10-15 years of experience in Consulting Account Management, Business Development, and Sales within the realm of IT Outsourcing (ITO) deals, we invite you to be a part of our journey.
About Sogeti:
Sogeti, the Technology and Engineering Services Division of Capgemini, boasts a global presence with over 25,000 professionals across 15 countries, including a significant presence in the US, Europe, and India. Specializing in technology and software testing, we offer cutting-edge solutions in Application, Infrastructure, Data, Analytics, and Engineering Services. Our local professional services teams work closely with clients, embodying our commitment to excellence.
*Willing to consider remote only candidates but candidates in Phoenix area will be given higher priority.
Lead DevSecOps Engineer Job Description
As the Lead DevSecOps Engineer, you will play a critical role in developing reusable CI/CD pipelines with the goal of building a developer platform and ensuring the seamless integration of security and quality practices into the software development lifecycle. Your expertise will bridge the gap between development, security, and operations, championing reusable workflows, robust security measures, and automated testing from the outset.
Here are the key details:
Objectives of This Role:
Develop CI/CD pipelines:
- Build pipelines to deploy infrastructure and applications to Azure and AWS using GitHub Actions
- Leverage Infrastructure as Code to create integrated workflows
- Provide release gates that are aligned with source control management approaches
Integrate Security into SDLC:
- Seamlessly integrate security features throughout the software development life cycle (SDLC).
- Identify and mitigate security risks, implementing effective security controls.
Secure Code and Applications:
- Develop applications and secure code to protect against risks and data breaches.
- Collaborate with cross-functional teams to ensure security alignment.
Platform Advocate:
- Regularly demonstrate the new capabilities available in pipeline to diverse audiences
- Seek feedback and direction from stakeholders on how to improve the reusable pipelines
Responsibilities & Skills:
- Experience working with GitHub Actions and Terraform, building pipelines to deploy infrastructure and applications to Azure and AWS landing zones
- Deep knowledge and understanding of DevOps best practices involving Automation, CI/CD, deployments, approval gates, hooks, and various methods for deploying software applications through multiple environments to target platforms
- Experience with software testing tools and frameworks
- Extensive experience and proficiency with GIT source code control and different branching strategies such as “trunk based development”
- Ability to direct and manage dev teams on best practices and usage patterns for DevOps CI/CD and automation leading to more secured software application deployments
- Well versed in software bill of material and software supply chain analysis and safe practices
- Experience creating and administering CI/CD tooling such as GitHub Actions, Azure DevOps, Jenkins
- Experience with and deep understanding of difference vulnerability scanning techniques and their relevant tools such as SAST, DAST, SCA, IAST security scanning
- Solid understanding of SDLC processes, modern programming stacks and their relevant vulnerabilities, .NET and Java
- Operational experience and knowledge in common security scanning tooling and integration into CI/CD pipelines such as Azure DevOps, GitHub, Jenkins. e.g. Wiz.io Veracode, AppScan, CheckMarx, Snyk, Contrast, Sonar, Synopsis
- Familiarity with OWASP and NIST standards and best practices for application security
- Ability to assess false positives in security scanning tooling and give feedback and guidance to development teams on security scanning results
- Experience adding security scanning tooling tasks to pipeline
- Ability to perform automation and scanning of applications written or created with .NET and Java development stacks
- Participate in design and code reviews, aligning with architectural goals
- Ability to showcase and communicate technical solutions to business stakeholders
- Experience leading teams a plus
Education: • Bachelor’s degree in computer science, Information Security, or a related field (or equivalent experience).
Benefits our employees enjoy working at Sogeti USA: • 401(k) Savings Plan: matched 150% up to 6%. Our 401k is in the top 1% of 401(k) plans offered in the US! • Employee Stock Option Plan • Potential Annual Individual Bonus Plan • Medical/Prescription/Dental/Vision Coverage: low premium and deductible with free preventative care • Life Insurance: provided at 2x base salary plus long term and short term disability • 100% Company-paid Mobile Phone Plan • Personal Time Off (PTO): ensuring a balance of work and home life • Career Planning and Coaching Program • All of our employees receive wide-ranging training covering business acumen, technical and professional skills development. Employees also have opportunities to hone your functional skills and expertise in an area of specialization. We offer a variety of formal and informal training programs at every level to help employees acquire and build specialized skills faster. Learning takes place both on the job and through formal training conducted online, in the classroom, or in collaboration with teammates. • Continuing Education: $12,000 Annual Tuition Reimbursement plus access to over 20,000 online courses and certifications through Capgemini University, as well as many offerings through Coursera and Degreed. • Paid Parental Leave: eligibility up to 6 weeks • Adoption Assistance: up to $5,000 • Perks and Discount Programs for Health, Fitness, Auto and many more • Counseling, Assistance, and other Support Programs • The sheer variety of work we do, and the experience it offers, provide an unbeatable platform from which to build a career!
Compensation
Capgemini discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to, geographic location, relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Capgemini, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for the tagged location is $90,000 - $150,000.
This role may be eligible for other compensation including variable compensation, bonus, or commission.
Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees. Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
Disclaimer
Please be aware that Capgemini may capture your image (video or screenshot) during the interview process and that image may be used for verification, including during the hiring and onboarding process.