Senior DevSecOps [US Client]

Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data.

As a security engineer at PwC you will design, implement, and maintain security systems to protect an organisation's digital assets. You will analyse potential vulnerabilities, develop strategies to mitigate risks, and confirm compliance with industry standards and regulations. Additionally, you will conduct security audits and provide recommendations for enhancing the overall security posture.

Focused on relationships, you are building meaningful client connections, and learning how to manage and inspire others. Navigating increasingly complex situations, you are growing your personal brand, deepening technical expertise and awareness of your strengths. You are expected to anticipate the needs of your teams and clients, and to deliver quality. Embracing increased ambiguity, you are comfortable when the path forward isn’t clear, you ask questions, and you use these moments as opportunities to grow.

Examples of the skills, knowledge, and experiences you need to lead and deliver value at this level include but are not limited to:

• Respond effectively to the diverse perspectives, needs, and feelings of others.
• Use a broad range of tools, methodologies and techniques to generate new ideas and solve problems.
• Use critical thinking to break down complex concepts.
• Understand the broader objectives of your project or role and how your work fits into the overall strategy.
• Develop a deeper understanding of the business context and how it is changing.
• Use reflection to develop self awareness, enhance strengths and address development areas.
• Interpret data to inform insights and recommendations.
• Uphold and reinforce professional and technical standards (e.g. refer to specific PwC tax and audit guidance), the Firm's code of conduct, and independence requirements.

Key Responsibilities:

• Design security processes, controls, and governance approaches that scale across private, hybrid, and multi-cloud environments

• Development and implementation of comprehensive cloud, container, and application security strategies with a strong emphasis on DevSecOps principles

• Configure and deploy cloud resources, cloud topologies, landing zones in infrastructure-as-code (IaC) formats

• Strategize and design automated enforcement mechanisms for cloud security governance, including policy-as-code, preventative CSP guardrails, resource tagging, CI/CD pipeline gates, and CNAPP-enabled response playbooks

• Configure custom policy and control frameworks within CNAPP technologies to adhere to industry standard and apply consistent compliance measurement across cloud environments

• Instrument in-line security scanning technologies into CI/CD workflows to enable secure software delivery, inclusive of IaC scanning, image scanning, secrets scanning, code scanning, dynamic interface scanning, and dependency scanning platforms

• Integrate cloud and pipeline logging mechanisms with SIEM/SOAR platforms and design detection use cases to enable mature logging and monitoring programs

Qualifications:

• Bachelor’s degree in Computer Science, Computer/Systems Engineering, or a related field; advanced degree preferred

• Proven experience in cloud security management, with a strong focus on DevSecOps.

• In-depth knowledge of cloud platforms such as AWS, Azure, or Google Cloud, and their security features.

• Experience with security tools and technologies such as SIEM, WAFs, IAM, SAST/DAST, and container security.

• Familiarity with DevOps tools and practices including Jenkins, Docker, Kubernetes, and Terraform.

• Strong understanding of software development methodologies and secure coding practices.

• Excellent leadership and communication skills, with the ability to educate and influence teams on security best practices

Preferred Qualifications:

• Extensive experience in Linux/Windows administration and VMWare virtualization

• Proficiency in scripting languages (Bash, PowerShell, Python, Ruby, Perl, etc.)

• Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)

• Kubernetes and container orchestration platform administration experience

General requirements:

• Understand the importance of have a correct information management

• Knowledge of Information Security and Data Protection

• Correct Information Security Management

All qualified applicants will receive consideration for employment at PwC without regard to ethnicity; creed; color; religion; national origin; age; disability; neurodiversity; sexual orientation; gender identity or expression; marital; or any other status protected by law. PwC is proud to be an inclusive organization and equal opportunity employer. 

Travel Requirements

Not Specified

Job Posting End Date