ADP is hiring a Senior Container Application Security Engineer

This Hybrid role can sit in Roseland, NJ or Alpharetta, GA

Unlock Your Career Potential: Global Security Organization at ADP. Do you have a passion for going on the offensive to safeguard critical information?

As ADP's Global Security Organization (GSO), we know that our clients rely on us for human capital management solutions, but beyond that, they entrust us with one of their most valuable assets - their employee data. We are honored by this trust and are laser focused on securing data at every step in the information lifecycle, ensuring integrity, confidentiality and compliance with industry and government regulations at all times.

• Drive container security operations including supply chain risk initiatives across ADP's different business units.
• Build and Support security into the DevOps pipelines & help institutionalize the security scanning of container images in line with shift left strategy.
• Provide support for managing supply chain vulnerabilities, image provenance, adversarial container security, and governance risk, and compliance (GRC)
• Assist in developing solutions to generate a Container Security Bill of Materials (CSBom) and Vulnerability Exchange (VEX)
• Promote a culture around secure container development through training, governance, and metrics.
• Maintain awareness of container cybersecurity threats and best practices to enable securing and hardening at scale.
• Customize policies, rules, and alerts to comply with established policies and settings.
• Bring thought leadership into the program and drive excellence.
• Metrics/Reporting
• Identify meaningful KPIs/KRI's to drive progress and improvement
• Provide weekly Scanning and Monitoring reports.
• Create and maintain Standard Operating Procedures (SOP)
• Perform other duties as required.

• Basic knowledge and understanding of container security vulnerabilities (OWASP).
• Understanding of container image formats such as Docker, OCI, etc.
• Experience in implementing and rolling out container scanning solutions as part of container development.
• Familiarity with internet technologies and web development secure coding best practices.
• Understanding CI/CD pipelines covering source control, integration, and deployment (ex: Bitbucket, Jenkins, Rally, JIRA, Artifactory, Nexus, SonarQube, git, Snyk).
• Previous software engineering/architecture experience (Java, C#, .Net, JavaScript, Python) preferred.
• Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
• Experience in training development teams on secure container practices.
• Basic understanding of Test Automation tools and framework - NIST Container Security Framework.
• Ability to communicate security-related concepts to technical and non-technical staff.
• Understanding of Agile methodologies, Cloud, and Container Security.
• Good problem-solving skills, communication and presentation skills.
• Ability to work effectively as part of a remote team.
• Self-motivated with a positive attitude.

• Bachelor's degree or equivalent.
• A plus if you have degree in computer science, Information / Cyber Security, Computer Systems Engineering, Computer Information Systems, or equivalent education and experience required.
• Five years or more experience in various IT or cybersecurity roles, with three or more years of experience specifically in software engineering roles.
• Basic knowledge and understanding of container security and related risks.
• Familiarity with internet technologies and web development best practices.
• Strong analytical/problem-solving skills and basic cross-functional knowledge across multiple development and security disciplines.
• Ability to communicate security-related concepts to a broad range of technical and non-technical stakeholders.
• Understanding of Agile methodologies and container & cloud security.
• Familiarity with microservices architecture and design patterns.
• Good analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
• Any of the following are a plus but not necessary: CEH, CISSP, CSSLP, GCIA, GPEN, GWAPT

• Have courageous team collaboration. Courage comes from how associates are willing to have difficult conversations, speak up, be an owner, and challenge one another's ideas to net out the best solution.
• Deliver at epic scale. We deliver real user outcomes using strong judgment and good instincts. We're obsessed with the art of achieving simplicity with a focus on client happiness and productivity.
• Be surrounded by curious learners. We align ourselves with other smart people in an environment where we grow and elevate one another to the next level. We encourage our associates to listen, stay agile, and learn from mistakes.
• Act like an owner & doer. Mission-driven and committed to leading change, you will be encouraged to take on any challenge and solve complex problems. No tasks are beneath or too great for us. We are hands-on and willing to master our craft.
• Give back to others. Always do the right thing for our clients and our community and humbly give back to the community where we live and work. Support our associates in times of need through ADP's Philanthropic Foundation.
• Join a company committed to equality and equity. Our goal is to impact lasting change through our actions.