The Honey Baked Ham Company, LLC DevOps/SecOps Analyst in Atlanta, Georgia
Here at HoneyBaked, we believe in "we" over "me" and in paying it forward. Making a difference and keeping it fun are part of our DNA. Being authentic in everything we do and living our Values in full view of the community we serve is just who we are. If that's who you are, too, then this could be the place for you. We're looking for a DevOps/SecOps Analyst to join the team. This role requires a deep understanding of both DevOps and cybersecurity practices, as well as a proactive approach to identifying and mitigating security risks.
NOTE: This role is part of our Data Center in Dunwoody, but will work from home. However, because of the need to collaborate, there will be times when in-person meetings are necessary. Therefore, candidates should be in the greater Atlanta metropolitan area.
WHAT THIS ROLE DOES
DevOps Integration: Collaborate with development and operations teams to integrate security practices into the DevOps pipeline, promoting a culture of "security as "
Security Automation: Develop and maintain automated security processes, including vulnerability assessments, and code analysis, to identify and address security vulnerabilities throughout the development lif
Compliance: Ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, PCI-DSS) by implementing necessary security controls and participating in audits as
Security Awareness: Promote security awareness across the organization by providing training, documentation, and best practice guidelines for secure development and
Collaboration: Work closely with cross-functional teams, including software engineers, system administrators, and IT staff, to ensure security is prioritized throughout the software development lif
SBOM Creation and Maintenance: Generate, update, and manage comprehensive SBOMs for all software Collaborate with development teams to gather information on software components, dependencies, and versions.
Component Identification: Analyze software packages and artifacts to identify components, including third-party libraries, open-source software, and proprietary
Version Tracking: Monitor and track changes to software components and versions, ensuring the SBOM is always up-to-date and accurately reflects the software's
Vulnerability Assessment: Work closely with security teams to assess the security posture of software components by analyzing vulnerabilities and their associated
Integration with CI/CD Pipelines: Integrate SBOM generation and analysis into the continuous integration and continuous delivery (CI/CD) pipelines to automate and streamline the
Risk Management: Assess and prioritize risks associated with software components, considering factors such as vulnerabilities, licensing, and criticality.
Documentation and Reporting: Maintain accurate documentation of SBOMs, vulnerability assessments, and compliance Generate regular reports for stakeholders.
Best Practices and Education: Stay updated on industry best practices related to SBOMs, software composition analysis, and supply chain Educate development teams on the importance of SBOMs and proper software component management.
WHAT WE THINK THIS ROLE WILL NEED
Bachelor's degree in computer science, business, or related area or at least 2 years of current programming and DevOps/SecOps experience. Relevant security certifications such as Certified DevOps Security Professional (CDSP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.
2+ years of experience: developing and supporting computerized business systems; working with Visual Studio or VS Code; with Azure DevOps, GitHub or similar platforms; with version control and related software management systems (Git, DevOps, TFS).
Some experience with application security scanning, assessment, and AppSec dashboarding tools (e.g., Veracode, GitLab, etc.). Demonstrated experience in DevOps practices and methodologies, including continuous integration, continuous delivery (CI/CD), and infrastructure as code (IaC).
Strong understanding of security concepts, best practices, and common vulnerabilities (e.g., OWASP Top Ten). Proficiency with scripting languages (e.g., Python, Bash) and experience with automation tools (e.g., Ansible, Terraform).
Familiarity with cloud platforms (e.g., Azure) and their security features.
Experience with containerization and orchestration tools (e.g., Docker, Kubernetes) and securing containerized environments. Knowledge of security compliance frameworks and standards (e.g., NIST, CIS).
Solid understanding of software development lifecycle, including software components, dependencies, and versioning.
Familiarity with open-source software, third-party libraries, and licensing concepts.
Experience with software composition analysis (SCA) tools and vulnerability management platforms.
Familiarity with industry standards like SPDX (Software Package Data Exchange) and CWE (Common Weakness Enumeration) is a plus.
WHAT ELSE TO KNOW?
Occasional long hours are necessary, especially around the holiday periods.
WHAT CAN WE OFFER?
Competitive salary and benefits plan, including a matched 401(k) and a culture where doing the right thing is the only thing to do...and where you can have fun (Really. It's in our Values. #notstuffy). We're proud of our company and to be an equal opportunity employer. Applicants for employment are considered without regard to race, sex, color, citizenship, national origin, religion, age, marital status, disability, military/uniformed service, sexual orientation, gender identity or expression or any other protected class under applicable federal, state or local law.
The Honey Baked Ham Company LLC is an equal employment opportunity employer. The Company’s policy is not to unlawfully discriminate against any applicant or employee on the basis of race, color, sex, religion, national origin, age, military status, disability, genetic information or any other consideration made unlawful by applicable federal, state or local laws. The Company also prohibits harassment of applicants and employees based on any of these protected categories.