This job board retrieves part of its jobs from: Toronto Jobs | Emplois Montréal | IT Jobs Canada

  open Jobs in Colorado  

Find daily jobs openings near you.

Slide 1
Slide 2
Slide 3
previous arrow
next arrow

Azure DevOps Security Engineer

Grant Thornton LLP

This is a Contract position in Denver, CO posted August 1, 2022.

Grant Thornton International Ltd (GTIL) is the umbrella legal entity for the Grant Thornton global network of member firms.

GTIL sets the strategic direction, convenes member firms, connects global communities, and protects the brand and reputation of the network.

GTIL and the member firms will continually improve the sustainability of their operations and strive to make a positive impact on clients, people, markets, and the communities in which we operate, in line with the UNs Sustainable Development Goals (SDGs).

Role purpose In our Go Beyond network strategy 2025 our vision is to become the most valued network in the profession.

The Azure DevOps Security Engineer plays a crucial role in overseeing the security of development operations (DevSecOps) for GTIL, which includes globally distributed practice management applications.

Reporting directly to the Global Cybersecurity Operations Manager and with key relationships to the Development Operations and IT Operations teams, this role provides architectural, analytical and operational expertise across a range of Azure services and other cloud-based security solutions.

Location This role is in a virtual working environment however the successful person will often need to align work according to American time zones.

Main responsibilities Securing the Software Development Life Cycle Security oversight of the continuous delivery, continuous integration (CI/CD) pipeline Combination of static and dynamic application security testing (SAST/DAST), to identify code bugs and application issues.

Software composition analysis (SCA) to track all open-source components in the developers code base.

Threat modelling to identify architectural design faults and potentially exposed targets of attack.

Evaluate and advise on service deployment into a microservices architecture (Kubernetes), and operational functions relative to security best practices and compliance requirements Maintain security issue tracking and reporting using Azure DevOps (ADO) Develop and maintain documentation of target state designs and security roadmaps.

Person specification Post high school education and/or work-related experience in Computer Science, Information Systems, or other Information Technology related field This role best suits a candidate with a background in development who has made a transition to cloud security.

The job requires effective communication (verbal and written) and project management skills to work with various levels and divisions within the organization; -Strong organisational and communication skills; -Ability to learn and adapt to a constantly changing technology and threat landscape.

Relationship building is a key requirement (this role scope of responsibility will on occasion extend to communicating with executive leadership and cross-functional teams) Provides expertise and solutions for complex initiatives and is capable of making independent decisions.

Cultural awareness, the ability to work well with people from different disciplines and backgrounds.

Ability to be agile, respond positively to change and contribute with an innovative and global mindset.

Experience Essential Solid experience of working in development and security operations OR a combination of relevant experience Demonstrated Security and Development Operational expertise in Azure DevSecOps
– Microservice architecture (Kubernetes), Authentication and Identity Governance (AzureAD), Identity and Access Management, OAuth 2.0, OpenID, Conditional Access), Container security (Docker and Runtime), Encryption (Key Vault), Azure SQL Server and Azure Cosmos DB, Azure Block Storage and Data Caching, .net, C#, REST API, Terraform CICD code analysis (SAST/DAST) ideally using Veracode Threat modelling Experience Desirable Security Controls and Benchmarking: OWASP Application Security Verification Standards, Azure Policy and Compliance Cloud security certification: e.g.

Certified Cloud Security Professional (CCSP), GIAC Secure Software Programmer (GSSP), GIAC Cloud Security Automation (GCSA), Certificate of Cloud Security Knowledge (CCSK).

About Us At Grant Thornton, we believe in making business more personal and building trust into every result for our clients and you.

Here, we go beyond your expectations of a career in professional services by offering a career path with more: more opportunity, more flexibility, and more support.

Its what makes us different, and we think being different makes us better.

About the Team The team youre about to join is ready to help you thrive.

Heres how: Whether its your work location, weekly schedule or unlimited flex time off, we empower you with the options to work in the way that best serves your clients and your life.

Here, you are supported to prioritize your overall well-being through work-life integration options that work best for your and those in your household.

We understand that your needs, responsibilities and experiences are different and we think thats a good thing.

Thats why we support you with personalized and comprehensive benefits that recognize and empower all the identities, roles and aspirations that make you, well, you.

See how at www.gt.com/careers When it comes to inclusion, we are committed to doing more than checking boxes.

Explore all the ways were taking action for diversity, equity & inclusion at www.gt.com/careers Heres what you can expect next: If you apply and are selected to interview, a Grant Thornton team member will reach out to you to schedule a time to connect.

We encourage you to also check out other roles that may be a good fit for you or get to know us a little bit better at www.gt.com/careers.

Additional Details: Grant Thornton requires personnel to be fully vaccinated against COVID-19 or self-test negative for COVID-19 within a specified timeframe in order to visit/enter firm offices, to visit/enter client or prospective client sites or facilities, or to attend in-person firm or client-sponsored events, subject to any medical, religious or other accommodations under the law.

Grant Thornton collects, uses and maintains vaccination-related data in accordance with its Privacy Policy, Personnel Privacy Notice, and applicable laws and regulations.

It is the policy of Grant Thornton to promote equal employment opportunities.

All personnel decisions (including, but not limited to, recruiting, hiring, training, working conditions, promotion, transfer, compensation, benefits, evaluations, and termination) are made without regard to race, color, religion, national origin, sex, age, marital or civil union status, pregnancy or pregnancy-related condition, sexual orientation, gender identity or expression, citizenship status, veteran status, disability, handicap, genetic predisposition or any other characteristic protected by applicable federal, state, or local law.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of Grant Thornton LLP to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship.

The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process.

To make an accommodation request, please contact ColleagueSupportSpecialistsus.gt.com.

For Los Angeles Applicants only: We will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance.