Sr. DevSecOps Engineer - AEG Presents HQ
Los Angeles, CA
About the Job
For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.
Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.
If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!
Position Summary:
The Sr. DevSecOps Engineer is a highly skilled and technically oriented role responsible for implementing and maintaining secure software development practices across our organization. Collaborating with development, operations, and security teams, this position will ensure that our software delivery process and environments adhere to industry best practices while maintaining efficiency and robust security measures.
Essential Functions:
- Implement and maintain secure software development practices across the organization by performing code reviews and collaborating with development teams to address security vulnerabilities and implement secure coding practices.
- Providing guidance and support to development teams in implementing secure coding practices and integrating security into the development lifecycle.
- Collaborating with the DevOps team to secure infrastructure and ensure secure deployment and operation of applications.
- Collaborating with cross-functional teams to define security requirements, standards, and guidelines for software development projects.
- Enhance and monitor the tools used within the development and operations process by reviewing and enhancing CI/CD pipelines using Azure DevOps, AWS CodePipeline, and Jenkins.
- Utilizing tools like Azure Log Analytics and SonarCloud to monitor and analyze system logs and application code for security vulnerabilities.
- Staying up to date with the latest security trends, vulnerabilities, and industry best practices, and ensuring their integration into our software development processes.
- Secure Image and Artifact Management: Protect container images, build artifacts, and other software packages used in the CI/CD pipeline. Scan these artifacts for vulnerabilities before deploying them and utilize secure registries for storage and distribution.
- Help to implement and maintain a security program by conducting risk assessments.
- Developing a Risk Treatment Plan
- Determining and creating needed Information Security Policies
- Determining and creating needed Information Security Objectives
- Implementing Security Controls
- Work with internal and external teams on audits, incident response, and/or compliance processes.
- Help to define requirements and processes for Disaster Recovery (DR) and Business Continuity. After requirements and processes are determined and approved, assist in the facilitation of a DR test.
Required Qualifications:
- BA/BS Degree (4-year) in a related field.
- 4-6 years of related work experience
- Experience with a unified, real-time monitoring and analytics platform, such as Azure Log Analytics, Google Cloud Operations (Stackdriver), AWS CloudWatch, Sentry, Splunk or Datadog
- Experience in at least one programming language (JavaScript, Ruby, Python, PHP, C#)
- Experience with a cloud environment such as AWS, Azure, and/or Google Cloud Platform
- Experience using a CI/CD tool like CircleCI, Jenkins, Azure DevOps, or AWS CodePipeline
- Experience configuring infrastructure and application alerts, alarms, and notifications.
- Proven experience as a DevSecOps Engineer or in a similar role
- Eagerness to work in a highly collaborative team environment.
- Knowledge of secure software development lifecycle (SSDLC) practices and secure coding principles
- Strong analytical, decision-making, interpersonal, and conflict resolution skills
- Great verbal and written communication skills.
- Results driven with reliable follow through.
- Comfortable using Git version control.
- Familiarity with industry security standards and frameworks such as OWASP, NIST, ISO 27001, or CIS benchmarks
- Certified Information Systems Security Professional (CISSP) preferred.
- Certified Information Systems Auditor (CISA) preferred.
- CompTIA Security+ Certification preferred.
Pay Scale: $115,800-$132,824
AEG reserves the right to change or modify the employee’s job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside his/her normal description.