Director - Development, Security & Operations (DevSecOps)

Job Description:

Position Overview

The primary responsibility of the Director – Development, Security & Operations (DevSecOps) is to oversee the technology security, administration, configuration, troubleshooting and automation of cyber security analysis of solutions within AWS. In this role, the Director will be responsible for managing the team of DevSecOps Engineers responsible for overall security posture of our cloud applications and AWS cloud infrastructure. The Director will work closely with the Corp IT and Corp Cyber Security leadership in coordinating the AWS security initiatives and auditing activities across all team activities.  A key part of the position is supporting compliance efforts related to secure SDLC processes and cloud infrastructure 

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.   

Essential Duties & Responsibilities

• Provide technical expertise in securing systems, technical infrastructure, tools, modeling, external interfaces, and other technical areas.

• Complete complex development, design, implementation, architecture design specification, and maintenance activities as needed.

• Work closely with the Cyber Security and DevOps teams to integrate artifacts into the CI/CD Pipelines.

• Maintain a good understanding on the latest secure development practices and tools that help increase awareness around secure code practices and turn around when vulnerabilities are found.

• Ensure the viability and security of product deliverables.

• Identifies potential solutions, including the cost/benefit of each option. Approves technical solutions proposed by team members. Elevates complex technical issues to other technology or cyber security experts, including architects and vendors. Resolves any technical problems discovered by DevOps, development, or testers and any internal clients.

• Communicate with product teams on a frequent basis. Identifies tasks and issues that may have an impact on service levels or schedules.

• Provide realistic task and cost estimates from the team

• Screen resumes of team members, interviews, makes hiring and assignment recommendations, and conducts performance reviews.

• Maintain a current and working knowledge of IT development methodology, architecture design, and technical standards.

• As new standards and policies are instituted, ensures their usage by team members.

• Review and approve documentation and diagrams created by IT team members (e.g., system specifications). Writes documentation, including technical standards and processes.

• Identify opportunities for continuous quality improvement of technical standards, methodologies, and technologies.

• Participate in design, code, and test inspections throughout product life cycle to identify issues. Participate as a technical consultant at other project meetings. Presents technical status and issues at milestone reviews.

• Thoroughly understands and complies with IT and Cyber Security policies and procedures, especially those for quality and productivity standards that enable the team to meet established objectives.

• Thoroughly understands and complies with Information Security policies and procedures, and verifies deliverables meet Information Security requirements.

• Provide expertise and best practices for implementing cloud security (internal) and product security (external)

• Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives

• Oversee the management and remediation of identified security flaws within our development platforms

• Build and maintain monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs

• Provide packaging/deployment capability to deliver products to point of need, including multiple cloud-based solutions

• Support multiple agile teams across various platforms, environments, and instances

• Incorporate best practices to increase the quality & velocity of deployments

• Implement security best practices and configuration management

• Provide technical leadership and direction in the DevSecOps domain

• Perform technology watch related to industry trends, best practices, and competition.

• Provide individual engineers with technical leadership and help group members develop new skills.

• Ensure configuration and compliance with configuration management tools.

• Strong organizational skills, customer service focus, attention to detail, and process orientation.

• Ability to distill and present information to senior leaders.

• Participate in special projects

• Perform job duties in a safe manner.

• Attend work as scheduled on a consistent and regular basis.

• Perform other related duties as assigned.

Minimum Qualifications

• At least 21 years of age.

• Proof of authorization to work in the United States.

• Bachelor’s degree or equivalent in relevant discipline, and/or AWS Solution Architect

• 6+ years leading DevSecOps teams.

• 6+ years hands-on technical experience securing and monitoring AWS cloud infrastructure, and in-house developed applications

• Must be able to obtain and maintain any certification or license, as required by law or policy.

• Experience in cloud based containerized environment (Kubernetes, Docker)

• 2 or more of the following skill areas or technologies

  • 3rd party library security scanning (Whitesource or equivalent)

  • Static Code Scanning (Kiuwan or equivalent)

  • Dynamic Code Scanning

  • Code Hygiene scanning (SonarCloud, SonarQube or equivalent)

• 2 or more of the following skill areas or technologies

  • Prisma Cloud

  • Twistlock

  • Sonartype

  • Anchore

  • Datadog

• 2 or more of the following skill areas or technologies

  • Kubernetes

  • Docker

  • Container Security

  • AWS EKS

  • Helm

• Knowledge of IAM, cloud trail, guard duty, WAF, SDLC practices, basic scripting skills

• Experience with common programming and scripting languages, such as Golang, Ruby, C/C++, C#, Python, JavaScript, Bash

• Previous startup experience would be a huge plus

• Latent desire and/or curiosity in related domain like software development, front-end engineering, security or project management