ORCID is seeking a Senior DevSecOps Engineer to serve as a technical advisor and implementor to ensure the ongoing security of ORCID products and service offerings. The Senior DevSecOps Engineer reports directly to the Director of Technology but is also functionally accountable to the Director of Operations and the Director of Product, as a seamless, matrixed partnership across ORCID units will be key to the success of this role. This position is full time (40 hours/week) and, like all positions at ORCID, is fully remote. Candidates must be able to work during Europe or Americas standard business hours (Mon-Fri) with at least four hours daily between ******** UTC, with some recurring meetings between ******** UTC. Outside of these parameters, ORCID offers flexibility with your schedule.
Responsibilities:
- Work with ORCID senior staff, product, technology, and devops teams to identify the right architecture to ensure the secure implementation of new solutions, products, and modules.
- Develop, implement, and maintain product security strategy for the ORCID product portfolio.
- Conduct complete lifecycle security architecture and technical assessments for a wide range of product infrastructure, databases, web applications, and internal/SaaS software solutions.
- Identify and work with the ORCID product and technology teams to mitigate security risks in the product and infrastructure.
- Collaborate with the product and technology teams to ensure security best practices are integrated into the development lifecycle (SDLC) to reinforce 'security by design' concepts.
- Provide guidance and leadership on best practices regarding security in software and product development.
- Analyse and prioritise vulnerabilities identified by developers, customers, testers, as well as automated static and dynamic application security testing.
- Work closely with developers to remediate in alignment with the identified risk to ORCID systems, users, and data.
- Implement or guide the implementation of common application security controls.
- Ensure privacy requirements are implemented through data protection and security technology both within ORCID products and internal/SaaS tools.
- Work with the ORCID operations team on the selection and secure configuration of internal/SaaS tools.
- Identify and work with the ORCID operations team to mitigate security risks in internal and SaaS tools.
- Provide training and education to developers on software security best practices.
- Participate in the on-call rotation for out-of-hours support and respond to extraordinary situations or technical emergencies.

Requirements and Qualifications:

Required Skills:
- Proven experience as a DevSecOps engineer or similar role involving securing a user-facing product.