DevSecOps Engineer

DevSecOps Engineer

25 ene
Willis Towers Watson

25 ene

Willis Towers Watson


TRANZACT, a Willis Towers Watson company is looking for a DevSecOps Engineer to be part of our Individual Marketplace team. We operate in a complex, multi-tenant, hybrid cloud and on-premises infrastructure that spans both the Windows and Linux OS. We strive for security, reliability, and automation in line with DevOps and Site Reliability Engineering principles. If you are passionate about DevOps principles with an eye towards recognizing security threats, securing applications, and infrastructure configuration; and if you are passionate about engendering that mindset in others, we want to hear from you.

We are looking for a candidate with solid Networking, Systems and Security experience in our Platform Product Family.

This Product Family is responsible for maintaining all of the Individual Marketplace’s IT infrastructure ranging from desktop support, datacenter and cloud platforms, networking, build pipeline and application support. We aim to enable software engineering teams to build cloud native applications that adhere to security and regulatory requirements with limited handholding by our engineers. We do still have a fair number of applications hosted in on-premise data centers, which we aim to support migrating to the cloud.


Hands-on experience with a majority of the following technologies, along with a willingness to become proficient in the remaining areas:

• Windows and Linux Servers, VMware, Active Directory

• Cloud platforms, preferably with Azure

• Secrets management with Consul and Vault or similar systems

• Certificate management, encryption, and security best practices

• Penetration testing and vulnerability scanning

• Configuration management tools like Salt and Terraform

• Firewalls and load balancers such as F5

• Web servers, including IIS and NGINX

• Database Server Infrastructure like Microsoft SQL Server and PostgreSQL

• Application Performance Monitoring with tools like New Relic

• Infrastructure monitoring with tools like Sensu, SolarWinds, Nagios, or Azure App Insights

• CI/CD tools like TeamCity, Octopus Deploy, Concourse, Azure DevOps, or GitHub Actions

• Log Aggregation tools like SumoLogic or Splunk

• Network theory and protocols such as DNS, DHCP, proxy servers, and firewalls

• Security operations with tools for SAST, DAST, RAST, and WAF

• Risk analysis for tools and processes

• Incident response and management

• Automation of security controls

Proficiency, high-comfort,

and familiarity with:

• One or more programming or scripting languages (Python, PowerShell, BASH)

• Command line tools such as (git, netcat, npm, terraform, etc.)

• Information Security frameworks and standards (NIST)


Additional consideration given for one or more of the following certifications:

• Certified Web Application Pen Tester (CWAPT)

• Certified Computer Hacker Forensic Investigator (CHFI)

• Certified Information Systems Security Professional (CISSP)

• Certified Secure Software Lifecycle Professional (CSSLP)

• Certified Software Test Engineer (QAI CSTE)

We are an equal opportunity employer

Suscribete a esta alerta:
Escribe tu dirección de correo electrónico, te permitirá de estar al tanto de los últimos empleos por: devsecops engineer
Suscribete a esta alerta:
Escribe tu dirección de correo electrónico, te permitirá de estar al tanto de los últimos empleos por: devsecops engineer