Who we are
DoubleVerify (NYSE: DV) is the leading independent provider of marketing measurement software, data, & analytics that authenticates the quality & effectiveness of digital media for the world's largest brands & media platforms. DV provides media transparency & accountability to deliver the highest level of impression quality for maximum advertising performance. Since 2008, DV has helped hundreds of Fortune 500 companies gain the most from their media spend by delivering best in class solutions across the digital ecosystem, helping to build a better industry. Learn more at www.doubleverify.com.
Job Overview:
The Sr. DevSecOps Engineer will be responsible for delivering the global application security program within the CISO/Information Security team.
The Sr. Application Security Engineer will lead & provide updated guidance & hands-on support to DoubleVerify's development & software/engineering teams on the current secure SDLC & software development security standards.
The individual will also lead the testing of the security controls of DoubleVerify's applications & implementation of architecture & operational projects to improve DoubleVerify's hybrid, application security posture.
The Sr. DevSecOps Engineer will also be responsible for integrating security automation into DevOps processes, enhancing DoubleVerify's cloud security posture, & leading the secure development training program.
Additionally, the position will support the broader information security team (Governance Risk & Compliance, Security Operations, & IT Security).
Responsibilities & Duties:
- Implement Application Security/DevSecOps across DV which covers areas such as integrating security into build automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, & production release procedures
- Promote DevSecOps culture & train development & DevOps teams in secure development & secure SDLC
- Master subject matter expertise for enterprise customers within DV's web application security program
- Drive adoption of DevSecOps tools & practices, including application security testing & security automation (within a hybrid technology environment)
- Be engaged in all aspects of DevSecOps implementation & enhance security throughout
- Ability to apply security knowledge & experience in a DevOps development lifecycle
- Development & implementation of cloud security, container security & infrastructure as code security concepts, principles, & best practices
- Enhance DV's cloud security posture & application attack surface management by advising on & assisting with the implementation of cloud security with DevOps & CloudOps personnel
- Support the creation & curation of application security reports & metrics for DV stakeholders
- Deliver secure training to DV's global software developers/engineers
- Execute, liaise, & report on penetration testing results to DV application & infrastructure stakeholders
- Ability to perform technical integrations with SIEM tools
- Support Information Security department leads including but not limited to Governance Risk & Compliance (GRC), Security Operations (Incident Response, Monitoring etc.), & IT Security (TVM, additional security tools etc.)
- Assist in Merger & Acquisition (M&A) security-related activities
Qualifications:
- 5+ years' experience in application security, including proficiency in AppSec concepts such as those in the OWASP Top 10, secure SDLC, agile methodologies & transformations, etc.
- 3+ years' experience in one or more security testing tools, including Static Analysis, Software Composition Analysis and/or Dynamic Analysis (e.g. Veracode, Checkmarx, Snyk, NetSparker, Acunetix, Qualys WAS, etc.)
- Experience with hands-on development as a software engineer/developer
- Knowledge of CI/CD, securing the pipeline, best practices & tools (e.g. GitLab/GitOps, TeamCity, Ansible)
- Great understanding of GCP or AWS security & DevSecOps
- Understanding of one or more of the following languages: Python, Scala, Java, .Net, C#, JavaScript, TypeScript, SQL
- Familiarity with infrastructure as code security
- Familiarity with container security
- Experience performing assessments against applications & their underlying infrastructure, configuration, & deployment strategy
- Good leadership, communication (written & oral) & interpersonal skills
- Understanding of data security & experience handling PII
- Bachelor's degree or higher in Computer Science or related field (Engineering, Computer Science, Mathematics, Information Systems, etc.) or equivalent technical experience
- Good to have but not necessary: industry-recognized certification in security (e.g., CISSP, CISM, CEH, OSCP, OSWA, GWAPT, GPEN, GCSA, GCLD, CCSK, CCSP, etc.)