The JobAxle Executive Search Process Service is extremely special and candidate focused. Our experienced Talent acquisition team offers job opportunities to candidates that match the requirement of our clients from different sectors. The entire process is carried out very confidentially because of our client's requirements. Here we effectively identify candidates searching for a change/ seeking a new job. If the skill sets ... and experiences are matched with the required position, we present them to the organization. Every candidate here is smartly documented in our candidate pool. We have been identifying and attracting the best talent from across the world. We guarantee to place the candidate now or near future to their interested job category or organization.
View Company ProfileDevSecOps Engineer
Job summary
-
No. of Vacancy
: 1 -
Job Type
: Full Time -
Offered Salary
: Negotiable -
Gender
: Both -
Career Level
: Senior Level -
Experience
: 4 Years -
Apply Before
: 2024-05-03 Closed
Job Description:
The DevSecOps engineer is an advanced role to help support, secure, manage and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, software and various operating systems. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment. The DevSecOps engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. At times, the DevSecOps engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times. The DevSecOps Engineer is responsible to develop and implement DevSecOps as a service offering to the enterprise and customers.
Roles and Responsibilities:
- Lead the development and implementation of DevSecOps practices within the company and extend them as a customer service, integrating security, development, and operations for secure and efficient software delivery.
- Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.
- Supervise testing and validation in application security controls across projects.
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
- Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
- Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
- Build services and tools to enable developers and engineers to easily use security components produced by application security team members.
- Simplify automation that applies security inter-workings with CI/CD pipelines.
- Enrich DevOps architecture with security standards and best practices.
- Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle with risk assessments, architecture reviews and threat modeling.
- Identify vulnerabilities in code through automated and manual assessments (SAST, DAST, IAST, RASP, and SCA tools), and promote quick remediation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.
- Join forces and provision security principles in architecture, infrastructure and code.
- Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
- Partner with teams to define key performance indicators (KPIs) and metrics across business units.
- Share lessons and takeaways from engagements to improve practice competencies.
- Openly support the organisation, management and executive leadership team always.
- Perform other duties as assigned
Required Knowledge, Skills, and Abilities:
- Experience with SCA, SAST, DAST, IAST and RASP.
- Experience with public cloud providers (AWS, Azure, GCP).
- Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
- Experience with container security, such as Docker and Kubernetes.
- Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
- Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
- Proficiency in software development (Java, Rust, Golang, Python, C++, Ruby, etc.).
- Experience with security requirements for APIs.
- Knowledge of General Data Protection Regulation (GDPR), Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
- Preferable to have one or more of the following certifications: GWAPT, GWEB, GCSA, CISSP, CSSLP
- Exceptional project management skills and capable of managing complex and lengthy engagements.
- Aptitude for technical writing, combined with outstanding business acumen and communication skills.
- Effective presentation skills, capable to delivering findings, risk and recommendations to stakeholders.
- High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
- Written and verbal proficiency in English and Nepali languages.
Education + Experience:
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- 4+ years of experience in cybersecurity with a product and application security engineering background.
Apply Instruction:
Interested candidates fulfilling the mentioned criteria are encouraged to Apply using the Easy Apply Button below. Registered candidates may also apply using Apply Now Button.
Job Action
Related Jobs
-
DevOps Instructor TechAxis 13 Days Left Quick View