Shape Your Future With Us
General Re Corporation, a subsidiary of Berkshire Hathaway Inc., is a holding company for global reinsurance and related operations, with more than 2,000 employees worldwide. Its direct reinsurance companies conduct business as Gen Re.
Gen Re delivers reinsurance solutions to the Life/Health and Property/Casualty insurance industries. Represented in all major reinsurance markets through a network of more than 40 offices, we have earned superior financial strength ratings from each of the major rating agencies.
Gen Re currently offers an excellent opportunity for a DevSecOps Engineer in our Stamford, CT office or performed remotely for appropriately qualified individual within the Information Technology Unit
The DevSecOps Engineer will work with platform owners to automate enforcement of secure configurations and to integrate security into CI/CD pipelines for builds and deployments of infrastructures and applications.
The position reports to the Information Security tower and interacts with other IT Departments regularly to validate concepts and implement relevant changes.
Candidate must have strong hands-on technical background and must demonstrate security expertise at all layers of the OSI stack. Candidate must be highly collaborative and is expected to mentor and partner effectively with other teams on an ongoing basis.
The candidate must be comfortable operating in a traditional enterprise IT environment, and be expert in Dev(Sec)Ops tools and practices.
- Work with Infrastructure and Security towers to design, POC and implement configurations to limit damage potential from exploited DevSecOps systems
- Integrate mechanisms to monitor and correct security configurations in DevOps systems and services
- Implement code scanning (e.g. Whitesource Bolt, SonarQube, etc.)
- Automate audit, deployment and enforcement of security configurations leveraging DevSecOps best practices
- Mentor application developers in Secure Coding practices
- Curate and triage code-scanning results to ensure effective processing by dev teams
- Maintain all relevant configurations and automations in Gen Re’s source code version control system
- Integrate programmatic management of keys and secrets for CICD operations (e.g. Azure Key Vault)
- Collaborate with Dev teams to securely implement container-based infrastructures and applications
- Research and champion best practices for secure implementation of cloud native systems
- Compose and contribute security configurations and operations into CI/CD Pipelines
- Bachelor’s or master’s degree in computer science, information systems or other related field, or equivalent work experience.
- Professional security management certification, such as a ISC(2) Certified Information Systems Security Professional (CISSP), SANS GIAC Information Security Professional (GISP), GIAC-Security Expert (GSE), or GIAC Certified Enterprise Defender (GCED)
Experience/Skill (5–10 years)
- Strong conceptual thinking and communication skills – the ability to translate complex business and technical requirements into effective and comprehensible solutions
- Applies strong logic and principles-based reasoning to define solutions and justify proposals
- Maintains deep expertise in the growing body of IT security vulnerabilities, threats, exploits and mitigations
- Experienced in securely implementing mixed Azure infrastructures (hybrid IaaS + PaaS)
- Proficiency in Azure DevOps, Github, Azure Key Vault, Jenkins, and similar. Azure PAAS Deployments via ARM/Azure Proficiency with relevant Azure services (e.g. Event Hub, AKS, ARM, App Services)
- Proficiency with scripting / programming languages (e.g. Python, Ruby, Powershell)
- Proficiency with Ansible, Docker, Kubernetes and Helm
- Proficiency with DockerBench and other tools used to secure CI/CD and DevOps practices