DevSecOps Engineer

Senior DevSecOps Engineer

 

 

Required knowledge, skills and experience of the candidate

  • 5+ years of experience working in application development environment and application/product security.
  • 3+ years of experience in designing and developing automation.
  • Experience in performing security vulnerability assessments & manual penetration testing of enterprise applications and cloud infrastructure.
  • Experience in automated testing of web applications and web services in a fast-moving and agile environment.
  • Passion for DevOps and strong skills in at least one scripting language (Ruby/Python or equivalent).
  • Passion for DevOps and strong skills in at least one scripting language (Ruby/Python or equivalent).
  • Proficient in coding and debugging in Java.
  • Experience with CI/CD – Deployment pipeline (Jenkins, Ansible, Terraform).
  • Experience with a broad range of security technologies including, SAST, DAST, RASP, DLP, IDS/IPS, IAM, Certificate Management, etc.
  • Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security. 
  • Ability to communicate technical security requirements to technical and non-technical personnel.
  • Ability to collaborate with technical and vendor personnel, cloud service providers.
  • You will evaluate and recommend new and emerging security products and technologies.
  • You have excellent presentation and writing skills.

Your responsibilities will include

  • Assisting in developing an automated framework for Security tool deployment and development, leveraging various scripting languages and open source/ commercial solutions to support product security and product SOC.
  • Performing vulnerability assessments & penetration testing of web & mobile applications inside cloud infrastructure. Providing vulnerability remediation strategies to engineering teams and verify security patches.
  • Owning and managing our security vulnerability monitoring and intrusion detection systems. Ensuring we are proactively fixing issues raised.
  • Implementing innovative solutions to scale the program with emphasis on automation where applicable.
  • Working closely with engineering teams to ensure we are considering security when architecting and building new systems.
  • Acting as internal DevSecOps evangelist, demonstrating the benefits of embedding security and compliance into DevOps.
  • Developing procedures to automate security and compliance checks during code builds and deployments. 
  • Writing and maintaining relevant documentation.

Application Form

    I prefer to be connected via: