Senior Director of DevSecOps

Center for Internet Security
Full-time
Remote
United States
$150,800 - $271,400 USD yearly

Overview

CIS seeks an experienced DevSecOps leader who combines effective communication, strategic planning, technical expertise, and management skills. The leader will be responsible for managing DevSecOps for the Engineering Center of Excellence (ECoE). This role requires a combination of hands-on work and implementation of strategic objectives around DevSecOps, technical thought leadership, and subject matter expertise for our ecosystem of applications and platforms. Responsibilities will also include designing, implementing, and maintaining our cloud infrastructure and services, and helping to automate and streamline our development and deployment processes. The leader will work closely with engineering, infrastructure, operations, and security teams to ensure that the DevSecOps processes and tools are aligned with the organization's goals and objectives. Key responsibilities include designing and implementing scalable and sustainable continuous integration and continuous delivery (CI/CD) pipelines, automating delivery processes, and providing guidance on performance and operability improvements.

 

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.

 

CIS has an award-winning reputation for investing in its people, as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.

 

Salary Range: $150,800 - $271,400
 
We offer a competitive total rewards package at the Center for Internet Security:
  • Base salary is determined on a number of factors including, but not limited to, education, experience and skills
  • Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
  • $500 wellness card for Health Coverage Participants
  • 401(k) with 4% Company Match, vested from the first day of hire
  • Flexible Spending Account (FSA) & Dependent Care Account (DCA)
  • Life Insurance
  • Bonding Leave
  • Paid Volunteering Program
  • Bonus eligibility
  • Paid Time Off (PTO) inclusive of vacation, personal and sick time
  • Paid Holidays
  • Wellness Program
  • Employee Engagement Activities
  • Professional Development Opportunities
  • Tuition Reimbursement
  • Student Loan PayDown Program
  • Employee Referral program
  • Employee Assistance Program

What You'll Do

  • Lead teams in adopting modern design patterns, cloud-first and security-first approaches, and innovative integrations with partner systems
  • Develop deployment standards, reusable interfaces, and orchestration workflows to streamline processes and integrate cloud services effectively
  • Provide technical guidance on cloud best practices, cost optimization, and security throughout the organization
  • Create comprehensive documentation for automation processes, workflows, and standard operating procedures for educating team members on automation best practices
  • Build and maintain CI/CD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment
  • Create plug-and-play/reusable solutions and patterns for CI/CD pipelines
  • Create, develop, and implement automation and system integration for various build platforms
  • Create, develop, and implement solutions to address infrastructure and security requirements
  • Write scripts and code (e.g. Python, PowerShell, Bash, etc.) to automate repetitive tasks, integrate cloud services, and enhance cloud automation capabilities
  • Design and implement CI/CD pipelines and cloud infrastructure automation, ensuring high availability, reliability, scalability, and performance
  • Design action plans to address CI/CD platform, tools, and solutions’ shortcomings and difficulties
  • Integrate security controls and best practices into the automation process to ensure a secure cloud environment
  • Ensure incident tracking tools are updated in accordance with established norms and processes, gather all essential data, and document any discoveries and concerns
  • Identify technical concerns and problems, assess them, and offer prompt solutions and/or escalation
  • Monitor and manage application performance and service quality, including initial troubleshooting, identification of root causes, and issue resolution
  • Stay updated on DevSecOps trends and apply continuous improvement models across deployment processes and tooling
  • Establish execution plans, manage risks, and oversee solution delivery
  • Ensure all changes follow the defined change control process with proper approvals documented
  • Provide clear and timely updates to senior management, escalate issues, and ensure adherence to change control processes
  • Provide leadership, vision, and direction for staff within the DevSecOps and QA teams
  • Manage the DevSecOps budget, with an ongoing focus on personnel, vendor, and capital expenditures
  • Work closely with CIS leadership and cross functional teams, playing a key technical and resource management role in cross-functional CIS projects
  • Define, track, and communicate relevant key performance metrics for the operations team to measure performance and contribution to goals and strategy
  • Hire, train, and manage talent to ensure teams have the skills required to be successful 
  • Manage vendor relationships for partner platforms and software services
  • Other tasks and responsibilities as assigned

What You'll Need

  • Bachelor’s degree in Information Technology, Computer Science, Engineering, Mathematics, or related field*
  • 8+ years of software management experience in broad-based information systems, full life-cycle application development, and/or building enterprise applications
  • 6+ years’ experience with DevSecOps technologies, cloud-based provisioning, CI/CD pipelines, monitoring, and troubleshooting  
  • 5+ years of experience in Agile practices
  • 5+ years of experience with AWS, GCP, Microsoft Azure, or another cloud service
  • 5+ years of experience with various coding and scripting languages such as Bash, Python, PowerShell
  • Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Artifactory, Jira, Black Duck, Terraform, Git/Version Control Software, or comparable technologies
  • Knowledge of DevOps Automation (Terraform, GitHub, GitHub Actions)
  • Ability to lead a constructive retrospective session for processes and tools
  • Excellent problem-solving and analytical skills, including experience interpreting data, sometimes with limited context and direction
  • Demonstrated ability to communicate complex technical information in a condensed manner to various stakeholders verbally and in writing
  • Working knowledge of data and reporting processes to provide the presentation layer for product-management-oriented KPIs
  • Experience using, evaluating, and procuring tools used to support product management, development, and/or other business units (sales, marketing, etc.)
  • Demonstrated expertise in strategic thinking, strong business acumen, and highly creative problem solving
  • The position is open to U.S. citizens and requires a favorably adjudicated DHS Fitness Review for Public Trust Positions**

It's A Plus If You Have:

  • Master's degree in Computer Science, Information Technology, Engineering, Mathematics, or related field. 
  • 10+ years of people management experience 
  • Experience using modern containerization software including Docker, OpenShift and Kubernetes 
  • Proficiency with automation tools such as Ansible, Chef or Puppet 
  • Knowledge of Prisma Cloud, SIEM, SOC, Nessus, CrowdStrike or similar services
  • Familiarity with API Security, Container Security, and AWS Cloud Security
  • Knowledge of PCI-DSS, HIPAA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes
  • Project Management experience 
  • Experience with AWS cloud services: EC2, S3, Data Lake, Glue, AppFlow, as well as AWS policy, configuration, and security management tools
  • Industry related certifications such as GSLC, GISF, GSEC, CISSP, AWS DevOps and AWS Security

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

 

**Factors that may cause a negative Fitness Review decision include:

  • Criminal Conduct
  • Dishonest Conduct
  • Employment Misconduct
  • Alcohol Abuse
  • Drug Use (illegal drug use or use of a legal drug in a manner that deviates from approved medical direction). Additionally, illegal drug use includes the use of drugs that are illegal for federal purposes despite being legal in select states and countries, such as marijuana.
  • False Statements
  • Financial Issues
  • Have not resided in the US for three (3) of the past five (5) years

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.