DevSecOps Application Security Lead Engineer (remote)

Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!
Job Details
About the Position:
The DevSecOps Application Security Lead Engineer at Cencora is a key role focused on enhancing application and API security within the DevOps pipeline. This position requires an experienced security professional who will identify, assess, and remediate application vulnerabilities while collaborating with various teams to ensure security is integrated throughout the software development lifecycle. The engineer will also educate teams on secure coding practices and manage incident response protocols, contributing to the overall cybersecurity strategy of the organization.
Responsibilities:

• Incorporate security measures into every stage of the DevOps pipeline to protect applications and APIs.
• Implement and maintain controls within the Continuous Integration/Continuous Deployment (CI/CD) pipeline to meet necessary security standards.
• Regular usage of automated tools for routine security checks.
• Facilitate collaboration among development, operations, and security teams.
• Develop policies that align with regulations, alongside conducting comprehensive assessments of application/API security.
• Educate teams about secure use of applications/APIs, keeping up-to-date with cybersecurity trends.
• Manage incident response protocols and provide training on secure coding best practices.
• Utilize automation tools to identify potential vulnerabilities before they escalate into threats.
• Evaluate third-party services for potential weaknesses in their security posture.
• Ensure that vulnerabilities are remediated before code moves to production and provide guidance on the remediation process.
• Conduct proactive research to analyze security weaknesses and recommend appropriate strategies to strengthen controls.
• Assist in security initiatives for areas like Cyber Operations, Incident Response, Threat Intelligence, and Vulnerability Management.
• Guide, coach, and mentor Engineers I/II in executing their tasks.
• Work on multiple projects as a key contributor to cybersecurity initiatives.
• Collaborate with IT teams to improve cloud and application security measures.
• Communicate advanced information security concepts with clients, peers, management, and vendors effectively.

Requirements

• Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
• Development Background: Must have hands-on development experience and a strong understanding of secure coding practices.
• Six (6) or more years of directly-related or relevant experience, preferably in information security.
• Prior experience as a "lead" - highly desired
• Vulnerability Management: Experience in tracking aging vulnerabilities, ensuring timely remediation, and reducing false positives.
• API Security Expertise: In-depth expertise in securing RESTful and SOAP APIs.
• CI/CD Security: Proven experience implementing security controls within the CI/CD pipeline.
• Tools and Methodologies: Proficient in using Checkmarx One and Veracode for static and dynamic analysis of application code. Experience with SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC (Infrastructure as Code) security, DAST (Dynamic Application Security Testing), and container security.
• Vulnerability Scanning: Extensive experience in vulnerability scanning, penetration testing, and remediating critical security issues.
• Collaboration: Ability to coordinate and collaborate with global teams, empowering developers on secure coding practices.
• Security Advocacy: Advocate for embedding security at the earliest stages of development.
• Monitoring and Tracking: Strong focus on monitoring and tracking vulnerabilities to reduce risk.
• Security Testing Expertise: Familiarity with various security testing methodologies and tools.

Nice-to-Haves

• Certifications: OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or CISSP (Certified Information Systems Security Professional).

What Cencora offers
We provide compensation, benefits, and resources that enable a highly inclusive culture and support our team members' ability to live with purpose every day. In addition to traditional offerings like medical, dental, and vision care, we also provide a comprehensive suite of benefits that focus on the physical, emotional, financial, and social aspects of wellness. This encompasses support for working families, which may include backup dependent care, adoption assistance, infertility coverage, family building support, behavioral health solutions, paid parental leave, and paid caregiver leave. To encourage your personal growth, we also offer a variety of training programs, professional development resources, and opportunities to participate in mentorship programs, employee resource groups, volunteer activities, and much more. For details, visit https://www.virtualfairhub.com/cencora
Full time
Salary Range*
$98,200 - 151,360
*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado/California/Washington/New York/Hawaii/Vermont/Minnesota/Massachusetts/Illinois State-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
The company's continued success depends on the full and effective utilization of qualified individuals. Therefore, harassment is prohibited and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non-discriminatory.
Cencora is committed to providing reasonable accommodations to individuals with disabilities during the employment process which are consistent with legal requirements. If you wish to request an accommodation while seeking employment, please call 888.692.2272 or email [email protected]. We will make accommodation determinations on a request-by-request basis. Messages and emails regarding anything other than accommodations requests will not be returned
Affiliated Companies:
Affiliated Companies: AmerisourceBergen Services Corporation