The Development Technology and Transformation group is responsible for leading technology and operational needs across our product lines and developing the necessary backbone to achieve that within Kongsberg Digital. We standardize processes that can often be laborious, time-consuming, and inefficient as part of this effort. We identify processes that need standardization, establish order, and automate manual steps to streamline the process. Our tools and processes impact numerous product lines and are transforming the way people work at Kongsberg Digital.
In this role, you will work towards the organization-wide adoption of DevSecOps practices. You will be tasked with guiding teams into CI/CD methodologies with Secure Development Lifecycle practices and coaching our feature teams with hands-on work. In doing so, it will be essential to provide team members with feedback and means of improvement through hands-on support, collaborating with people across widely varying levels and roles, including Product Owners and DevOps teams. You will also be an active contributor to operational collaboration on compliance practices, SOC 2, and other initiatives, and to implementing a plan for adopting DevSecOps. So, if you believe (i) Security is a Process, not a tool or set of tools, (ii) Security is everyone's responsibility, and (iii) you think of the DevSecOps Culture as the evolutionary adaptation of security into the DevOps Culture, let's talk!
Focus on the true security of the delivered solution rather than theoretical best practices; help teams understand what security means in practice.
Act as a change agent and help product engineering teams to integrate security as part of their continuous integration and deployment lifecycle.
Sync with Security Champions across the board for operational collaboration on compliance standards like SOC 2.
Create automation frameworks that produce measurable and iterative DevSecOps for product teams to have security controls built in from the start.
Use platform-agnostic assessment methodologies to create bespoke security automation for agile environments.
Experience with software security initiatives, DevSecOps, security automation, security toolchain, security regression, vulnerability assessments, SAST, DAST, Secure coding guidelines, threat modeling, vulnerability correlation.
Engage with the Product Engineering, DevOps, and Security teams to articulate the benefits of integrating application security as part of the agile engineering and product release pipeline, focusing on a shift-left strategy.
Hands-on experience with a solid understanding of working within a DevSecOps environment utilizing Secure Development Lifecycle best practices
Prior experience in programming and development to utilize within coaching methodologies, setting up CI/CD pipelines
Experience in Azure PaaS, Azure DevOps
Proven technical background/understanding of DevOps, Software Engineering, or Infrastructure Engineering
Experience coaching and upskilling teams on DevSecOps practices and adoption
Strong experience with Continuous Integration / Continuous Testing / Continuous Delivery processes and tools like WhiteSource, SonarQube, Snyk.
Experience in integrating security and performance testing into the DevOps pipeline
An overview of and experience in GRC and compliance regulations like SOC 2 are a big plus.
If you are motivated by challenges, love working with people in a fast-paced environment and inspire others to take another look at what they already love doing, we're the place for you!