Software Security Specialist ( Azure & AWS Security Automation )
Position Overview
At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success.
The Software Security Specialist is apart of PNC's Enterprise Technology & Security organization.
This is a remote position and can sit anywhere within the PNC footprint, except for Colorado, Hawaii, Alaska. There is limited expectation for regular in person, in office activities.
PNC's Cloud Security Automation team is looking for a candidate who has experience in Azure, AWS and both Azure and AWS Policy deployments.
As a Software Security Specialist Sr., you will operationalize cloud security strategies and help automate security testing and deployment in the Azure Environment. You'll research, design, and help build a highly-automated CI/CD pipeline to interact with a Cloud Security Posture Management (CSPM) tool. You'll coordinate with team members, internal clients, and industry-leading vendors to identify and the execute techniques to integrate security automation into the processes that develop, test, build, configure, provision, and deploy Cloud security solutions PNC's public cloud ecosphere.
Job responsibilities will include:• Automate and orchestrate the process of Cloud software deployment (CI/CD) to integrate enterprise security standards, policies, configurations, and architectures, for applications, platforms, and infrastructure• Design and implement automated processes utilizing a third part CSPM for monitoring the security and governance aspects of PNCs public cloud workload deployments.• Work closely and collaboratively with the engineering teams to implement and maintain secure CI/CD pipelines in Azure and AWS.• Provide feedback and insight (to software engineering teams) in a collegial manner to facilitate secure development practices• Identify or develop tools to assist in container security automation and monitoring• Develop, test, and deploy scripts (python, bash, etc.) to automate security-related operational tasks• Work with IT teams to identify areas for improvement based on the Cloud Security team's vision and best practices• Track and report on the status of discovered security risks• Participate in code reviews or other engineering practices to expand the knowledge and pervasiveness of secure software engineering• Maintain an operational engineering skillset with a developer mindset
Preferred Qualifications:• At least 3 years of relevant DevOps and Security experience with one or more public cloud technologies • Experience with a third party CSPM tool such as Palto's Prisma Cloud or Rapid7's DivvyCloud with an ability to interact with the platforms UI and API. • Experience with deploying configurations via CSPM exposed API and pulling the CSPM API to obtain key performance indicators• Knowledge and understanding of IT architectures, distributed systems and microservices• Experience with programming languages and in writing automation scripts (Python, PowerShell, Bash, Java, C#, C )• Knowledge and experience with containerization (Docker, Kubernetes, AKS)• Knowledge and experience with CI/CD and DevOps tools such as GitHub/GitLab, Jenkins, Chef, Ansible, Puppet, Azure DevOps and Terraform• Knowledge and experience with security / DevSecOps tools• Understanding of cloud security and governance technologies such as WAF, IAM, CASB, and API Gateways• Outstanding troubleshooting/problem solving abilities• Exhibiting familiarity with Cloud Security Alliance, Center for Internet Security, ISC2, and SANS Cloud Security Standards for securing Cloud Applications, IaaS, PaaS, SaaS, Containers, and Microservices;• Experience working with relevant security frameworks (PCI, NIST, ISO 27001, SOC1/2)• Experience working with relevant cloud security frameworks/guidelines (CSA CCM, PCI Cloud Supplement, ISACA Cloud Computing Audit)• Inquisitive and resourceful - not afraid to network within the organizations to ask relevant questions• Excellent verbal and written communication skills - ability to explain complex concepts to a wide variety of individuals with varying technical skills• Team builder and facilitator of cross-team discussions with proven ability to identify and remove roadblocks and resolve issues• Interacting with project management team members and key stakeholders on application projects• Ability to handle sensitive and confidential information appropriately
Preferred Certifications:• Microsoft/AWS Certified:
-Azure Fundamentals- AZ-900,
-Azure Developer Associate - AZ-204
-Azure DevOps Engineer Expert - AZ-400
-Azure Security Engineer Associate- AZ-500
-AWS Certified DevOps Engineer
-AWS Certified Solutions Architect
-SANS - Cloud Security Automation (GCSA)
-ISC(2) - CISSP, CCSP
-Other similar professional certifications
Job Description
- Responsible for enabling developers to create more secure software through communicating best practices, requirements, and standards.
- Works with developers to help them create more secure code.
- Manages projects and tasks related to developer enablement.
- Sets secure coding standards and requirements with team.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
Competencies
Analytical Thinking - Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.
Effective Communications - Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.
Information Assurance - Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.
Information Security Management - Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.
Information Security Technologies - Knowledge of technologies and technology-based solutions dealing with information security issues.
IT Environment - Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.
IT Standards, Procedures & Policies - Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.
IT Systems Management - Knowledge of and ability to utilize a variety of technical tools and techniques to guarantee service availability and ensure IT system performance.
Problem Solving - Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.
Software Security Assurance - Knowledge of and the ability to detect and prevent data security vulnerabilities of coding throughout the software development life cycle within software development organizations.
Work Experience
Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience. Specific certifications are often required. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.
Education
Bachelors
Additional Job Description
Base Salary: Commensurate with skills and experience.
Benefits
PNC offers employees a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include medical/prescription drug coverage (with a Health Savings Account feature); dental and vision options; employee and spouse/child life insurance; short- and long-term disability protection; maternity and parental leave; paid holidays, vacation days and occasional absence time; 401(k), pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption assistance; educational assistance and a robust wellness program with financial incentives. To learn more about these and other programs, including benefits for part-time employees, visit pncbenefits.com > New to PNC.
Disability Accommodations Statement:
The PNC workplace is inclusive and supportive of individual needs. If you have a physical or other impairment that might require an accommodation, including technical assistance with the PNC Careers website or submission process, please call 877-968-7762 and select Option 4: Recruiting or contact us via email at [email protected].
The Human Resources Service Center hours of operation are Monday - Friday 9:00 AM to 5:00 PM ET.
Equal Employment Opportunity (EEO):
PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.
California Residents
Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.
