Other
Salary: Competitive Salary
Job Type: Full time
Experience: Senior Level
SojoJob
Devsecops (Remote)
Devsecops | SojoJob | India
- Lead the development and implementation of DevSecOps practices within the company and extend them as a customer service, integrating security, development, and operations for secure and efficient software delivery.
- Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.
- Supervise testing and validation in application security controls across projects.
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
- Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
- Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
- Build services and tools to enable developers and engineers to easily use security components produced by application security team members.
- Simplify automation that applies security inter-workings with CI/CD pipelines.
- Enrich DevOps architecture with security standards and best practices.
- Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle with risk assessments, architecture reviews and threat modeling.
- Identify vulnerabilities in code through automated and manual assessments (SAST, DAST, IAST, RASP, and SCA tools), and promote quick remediation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.
- Join forces and provision security principles in architecture, infrastructure and code.
- Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
- Partner with teams to define key performance indicators (KPIs) and metrics across business units.
- Share lessons and takeaways from engagements to improve practice competencies.
- Openly support the organisation, management and executive leadership team always.
- Perform other duties as assigned.
Skills and Qualifications
- Task Related Skills and Certifications
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Five to seven years’ experience in information technology, information security administration or security operations.
- Three or more years of experience in cybersecurity with a product and application security engineering background.
- Competencies and Soft Skills
- Experience with SCA, SAST, DAST, IAST and RASP.
- Experience with public cloud providers (AWS, Azure, GCP).
- Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
- Experience with container security, such as Docker and Kubernetes.
- Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
- Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
- Proficiency in software development (Java, Rust, Golang, Python, C++, Ruby, etc.).
- Experience with security requirements for APIs.
- Knowledge of General Data Protection Regulation (GDPR), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST) or International Organization for Standardization (ISO) requirements.
- Preferable to have one or more of the following certifications: GWAPT, GWEB, GCSA, CISSP, CSSLP.
- Exceptional project management skills and capable of managing complex and lengthy engagements.
- Aptitude for technical writing, combined with outstanding business acumen and communication skills.
- Effective presentation skills, capable of delivering findings, risk and recommendations to stakeholders.
- High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
- Written and verbal proficiency in the English language.