Genese Solution

Genese Solution

Software Industry

Lalitpur

Genese Solution Pvt. Ltd is Nepal's first Cloud Consulting Company. We have our Head office in the United Kingdom and branch offices in India, Pakistan, Bangladesh, and Australia. We are the one and only Advanced Consulting Partner for Amazon Web Services (AWS) in Nepal. We are also partnered with Google, Microsoft, Alibaba, and Digital Ocean. Genese’s core technical team resides in Nepal and provides consultancy and support worldw ... ide for Cloud Solution.  

View Company Profile

DevSecOps Engineer

Apply Before : 2024-06-03 ((12 Days Left)) View: 2255

Job summary

  • No. of Vacancy
    : 1
  • Job Type
    : Full Time
  • Offered Salary
    : Negotiable
  • Gender
    : Both
  • Career Level
    : Senior Level
  • Experience
    : 5-7 Years
  • Apply Before
    : 2024-06-03 (12 Days Left)
  • Skills
    :
    DevOps

Job Description:

The DevSecOps engineer is an advanced role to help support, secure, manage and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, software and various operating systems. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment. The DevSecOps engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. At times, the DevSecOps engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times. The DevSecOps Engineer is responsible to develop and implement DevSecOps as a service offering to the enterprise and customers.

Roles and Responsibilities:

  • Lead the development and implementation of DevSecOps practices within the company and extend them as a customer service, integrating security, development, and operations for secure and efficient software delivery. 
  • Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments. 
  • Supervise testing and validation in application security controls across projects. 
  • Oversee implementation of defensive practices and countermeasures across infrastructure and applications. 
  • Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads. 
  • Serve as a point of contact for security-based escalations and remain tightly involved through resolution. 
  • Build services and tools to enable developers and engineers to easily use security components produced by application security team members. 
  • Simplify automation that applies security inter-workings with CI/CD pipelines. 
  • Enrich DevOps architecture with security standards and best practices. 
  • Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle with risk assessments, architecture reviews and threat modeling. 
  • Identify vulnerabilities in code through automated and manual assessments (SAST, DAST, IAST, RASP, and SCA tools), and promote quick remediation.
  • Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging. 
  • Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds. 
  • Join forces and provision security principles in architecture, infrastructure and code. 
  • Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline. 
  • Partner with teams to define key performance indicators (KPIs) and metrics across business units. 
  • Share lessons and takeaways from engagements to improve practice competencies. 
  • Openly support the organisation, management and executive leadership team always. 
  • Perform other duties as assigned

Required Knowledge, Skills, and Abilities:

  • Experience with SCA, SAST, DAST, IAST and RASP. 
  • Experience with public cloud providers (AWS, Azure, GCP).
  • Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
  • Experience with container security, such as Docker and Kubernetes. 
  • Knowledge of CI/CD platforms, such as Jenkins and CircleCI. 
  • Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests. 
  • Proficiency in software development (Java, Rust, Golang, Python, C++, Ruby, etc.). 
  • Experience with security requirements for APIs. 
  • Knowledge of General Data Protection Regulation (GDPR), Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements. 
  • Preferable to have one or more of the following certifications: GWAPT, GWEB, GCSA, CISSP, CSSLP 
  • Exceptional project management skills and capable of managing complex and lengthy engagements. 
  • Aptitude for technical writing, combined with outstanding business acumen and communication skills. 
  • Effective presentation skills, capable to delivering findings, risk and recommendations to stakeholders. 
  • High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
  • Written and verbal proficiency in English and Nepali languages.

Education + Experience:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Five to Seven years’ experience in information technology, information security administration or security operations.
  • Three or more years of experience in cybersecurity with a product and application security engineering background.

Benefits:

  • 5 working days a week (09:00 am-06:00 pm) 
  • Multinational company located in the UK, Australia, Nepal, Bangladesh, Pakistan, Finland, USA and India 
  • Best-in-class work environment with friendly team members (refreshment, recreational, team building activities) 
  • Exposure to team management and leadership 
  • Opportunity to travel to other countries as part of training and development 
  • Work in multidisciplinary areas in a start-up ecosystem

Apply Instruction:

Interested candidates fulfilling the mentioned criteria are encouraged to Apply using the Easy Apply Button below. Registered candidates may also apply using Apply Now Button.