DevSecOps Analyst
Corporate (External)
Req #: 14331
Type: Regular Full-Time
Overview:
As one of the fastest-growing and most exciting brands in the industry, Crash Champions is the largest founder-led multi-shop operator (MSO) of high-quality collision repair service in the U.S. The company, which also operates the growing Crash Champions LUXE | EV Certified brand of highline and luxury EV repair centers, services customers at more than 650 state-of-the-art locations in 38 states across the U.S. Crash Champions was founded in 1999 as a single Chicago repair center by industry veteran and 2023 EY Entrepreneur of the Year Midwest award winner Matt Ebert. For more than 25 years, our vision has been anchored by the belief that delivering superior collision repair service is about People First. Welcome to Crash Champions. We Champion People.

Responsibilities:
JOB PURPOSE: The DevSecOps Analyst is responsible for ensuring that application services are implemented to high security standards. This role involves analyzing the security of applications and their underlying services, addressing both legacy and emerging security issues, and implementing secure development practices. The DevSecOps Analyst communicates with technical and leadership teams to focus on risk mitigation, ensuring business continuity without taking on negligent risk. They also assess the security of applications for business-to-business initiatives, third-party relationships, and vendors. Additionally, the DevSecOps Analyst runs security awareness phishing campaigns to educate employees and test their ability to recognize and respond to phishing attempts. Highly knowledgeable, the DevSecOps Analyst recommends programmatic controls and manages secure development practices to address modern security challenges.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
* Perform vulnerability and penetration testing using automated security tools.
* Document security findings together with practical remediation guidance.
* Focus on automation to improve the efficiency of both testing and remediation of findings.
* Work with developers to provide repeated validation testing before production, supporting a continuous cycle of development followed by application security assessments.
* Regularly monitor the security community for publicly disclosed security issues and for new tactics that can be used in testing.
* Attend and participate in application projects and change management committees. This includes interacting with business units and technical teams to understand what is coming and how their projects can be made more secure from the beginning.
* Follow a security review process so that an automated, repeatable process is maintained through the use of dynamic and static code analysis tools.
* Apply security standards and implementation configurations, as well as common security frameworks.
* Align with architects and development teams on a mission of secure design.
* Train developers and others on weaknesses to avoid.
* Actively participate in and lead security team meetings that facilitate secure design.
* Engage closely in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Deliver projects on time, within budget, and in accordance with SLAs.
* Focus on application security that meets compliance requirements (PCI DSS, SOX, SOC 2, ISO 27001, NIST, etc.) and privacy laws.
* Work with architects, the security operations team, incident responders (when anomalous activity or host compromise occurs), and technology infrastructure and development team members.
* Respond to and handle service and escalation tickets within SLA expectations.
* Develop security test plans from architectural designs. Identify deficiencies and make enhancements to ensure production is not impacted.
* Conduct performance testing to stress the limits of security solutions while ensuring that business innovation and day-to-day processes are not negatively impacted.
* Conduct security awareness phishing exercises and track results to evaluate employee awareness across the organization.
* Perform other duties as assigned.

Qualifications:
QUALIFICATIONS:
* 5+ years' experience in cybersecurity preferred.
* Highly technical and analytical knowledge, with the ability to work across multiple organizational business units.
* Vulnerability and penetration-testing skills.
* Excellence in communicating the business risk arising from cybersecurity issues.
* Proficiency in software development (Java, Python, C++, Ruby, etc.).
* Understanding of network and web protocols.
* Understanding of the security of intra-company and third-party APIs.
* Experience with dynamic and static analysis tools.
* Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
* Experience with applications hosted in Microsoft Azure.
* Experience with cryptographic controls and measures to secure applications and data.
* Proficiency with scripting in Python, JavaScript, PowerShell, PHP, or Ruby.
* Working knowledge of Windows and Linux.
* Highly trustworthy; leads by example.

This job description is intended to describe the general nature and level of work being performed by people assigned to this job. It is not intended to be an exhaustive list of all responsibilities, duties, and skills. You may be asked by your supervisor or managers to perform other duties. Your performance will be evaluated in part based upon your performance of the job duties listed in this job description, as well as any job duties not specifically listed above that you may be asked from time to time to perform. The Company has the right to revise this job description at any time. Crash Champions is an equal opportunity employer committed to workplace diversity.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veterans' status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.