USA
Sr Pncpl Product Security Eng
9433BR

Company Summary:
As the recognized global standard for project-based businesses, Deltek delivers software and information solutions to help organizations achieve their purpose. Our market leadership stems from the work of our diverse employees who are united by a passion for learning, growing, and making a difference. At Deltek, we take immense pride in creating a balanced, values-driven environment, where every employee feels included and empowered to do their best work. Our employees put our core values into action daily, creating a one-of-a-kind culture that has been recognized globally. Thanks to our incredible team, Deltek has been named one of America's Best Midsize Employers by Forbes, a Best Place to Work by Glassdoor, a Top Workplace by The Washington Post, and a Best Place to Work in Asia by the World HRD Congress. Please check www.deltek.com for more information.

Auto req ID: 9433BR

External Job Title: Senior Principal DevSecOps Engineer

Position Responsibilities:

POSITION SUMMARY:
Deltek is seeking an energetic and driven person to join our Product Security Team. The team member will be focused on DevSecOps, specifically guiding SaaS product security throughout the entire lifecycle, including design, development, deployment, and operations. They’ll work closely with Deltek product and engineering teams to implement security at scale using a risk-based approach. The ideal candidate will act as the security champion for a new SaaS offering and have expertise in reviewing the security of web, desktop, and/or mobile applications. They must be capable of running and interpreting reports from Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST) tools. The candidate should have knowledge of cloud-first, serverless, and micro-service application architecture and relevant security concerns. The ability to read and understand application code is a big plus. They should be able to work and communicate security information with engineering, product management, and senior leadership in an effective manner. Knowledge of DevOps, Application Security, and Cloud Security is required to be successful in this role.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
+ Ability to work with the Solution and Security architects to contribute to the design and incorporate the operational requirements within the design process.
+ Manage and monitor security throughout the product lifecycle from development to operations with a DevSecOps mindset.
+ Application Security - Collaborate with development and engineering to ensure security steps are performed, findings are analyzed, and remediation performed during the Software Development Lifecycle (SDLC). This includes:
  + Threat Modelling
  + Static Application Security Testing (SAST)
  + Software Composition Analysis (SCA)
  + Dynamic Application Security Testing (DAST)
  + Mobile Application Security Testing (MAST)
+ Cloud Security – Ensure cloud security processes are completed and findings are remediated before deployment to production. These include:
  + Infrastructure as Code (IaC), Orchestration, and Automation Security
  + Cloud Security Posture Management (CNAPP, CSPM)
  + Container, and Host Security (CNAPP, CWPP, VMDR)
  + Endpoint Protection (EPP)
  + Network Security and Edge Security
+ Compliance - Maintain compliance with internal policy, industry standards, and regulations including FedRAMP, NIST 800-171, and CMMC.
  + Data Encryption
  + Logging and Monitoring
  + OS Patching and Vulnerability Remediation
  + CIS Benchmarks and DISA STIGs
+ Identify false positives or misconfigurations that can improve tool outputs.
+ Lead remediation and continuous improvement across the product security posture with effective countermeasures and targeted mitigations.
+ Develop clear risk insight from analysis of application security findings.
+ Ability to perform work after normal business hours.
+ Keep up to date with application security trends.
+ Operating vulnerability management processes, suggesting applicable change controls, and security exceptions.

Work Location: India-Remote

Qualifications:

ESSENTIAL KNOWLEDGE & SKILLS:

Desired Education & Experience:
+ Bachelor’s Degree in a related field (Computer Science, Cybersecurity, etc.) or equivalent training and experience.
+ Security certification(s) – CompTIA, CSSLP, GIAC, ISC2, etc.
+ 7+ years’ experience in cloud security, application security, DevSecOps, or related areas.

Technical Knowledge and Skill
+ Strong knowledge of security and best practices.
+ Experience with Secure SDLC tools including SAST, SCA, MAST, and DAST.
+ Experience with security for SaaS/Cloud-delivered products including vulnerability management, cloud security, container security, and DevSecOps.
+ Experience with CI/CD pipelines and automation tools such as Terraform, Jenkins, and others
+ Skill with one or more programming or scripting languages (e.g., Java, VB, C#, C++, Ruby, bash, PHP, Python, PowerShell, etc).
+ Experience with security automation.
+ Experience with vulnerability management processes.
+ Credibility and high professionalism.
+ Strong analytical and creative problem-solving skills.
+ Strong verbal, written, and presentation skills; collaborative, innovative, and curious.
+ Attention to detail and follow through on tasks.
+ The position will work closely with Deltek staff in the Philippines, India, US, and EU.

The above statements are intended to describe the general nature and level of expected work for this position. This is not intended to be an exhaustive list of all the responsibilities, duties, and skills required. The duties may be changed, and other duties may be assigned.

Travel Requirements: No

Applicant Privacy Notice:
Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (“Personal Data”) to administer and evaluate your application. We are the “controller” of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice (https://education.deltek.com/web/du\_internal/Recruitment/Applicant Privacy Notice.pdf). Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.