Devsecops (Remote)

1. Lead the development and implementation of DevSecOps practices within the company and extend them as a customer service, integrating security, development, and operations for secure and efficient software delivery.
2. Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.
3. Supervise testing and validation in application security controls across projects.
4. Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
5. Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
6. Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
7. Build services and tools to enable developers and engineers to easily use security components produced by application security team members. 
8. Simplify automation that applies security inter-workings with CI/CD pipelines.
9. Enrich DevOps architecture with security standards and best practices.
10. Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle with risk assessments, architecture reviews and threat modeling.
11. Identify vulnerabilities in code through automated and manual assessments (SAST, DAST, IAST, RASP, and SCA tools), and promote quick remediation.
12. Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
13. Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.  
14. Join forces and provision security principles in architecture, infrastructure and code. 
15. Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
16. Partner with teams to define key performance indicators (KPIs) and metrics across business units.
17. Share lessons and takeaways from engagements to improve practice competencies.
18. Openly support the organisation, management and executive leadership team always.
19. Perform other duties as assigned

Skills and Qualifications

• Task Related Skills and Certifications 

1. Bachelor’s degree in Computer Science, Information Technology, or a related field.
2. Five to Seven years’ experience in information technology, information security administration or security operations. 
3. Three or more years of experience in cybersecurity with a product and application security engineering background.

• Competencies and Soft Skills 

1. Experience with SCA, SAST, DAST, IAST and RASP.
2. Experience with public cloud providers (AWS, Azure, GCP).
3. Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
4. Experience with container security, such as Docker and Kubernetes.
5. Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
6. Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
7. Proficiency in software development (Java, Rust, Golang, Python, C++, Ruby, etc.).
8. Experience with security requirements for APIs.
9. Knowledge of General Data Protection Regulation (GDPR), Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
10. Preferable to have one or more of the following certifications: GWAPT, GWEB, GCSA, CISSP, CSSLP 
11. Exceptional project management skills and capable of managing complex and lengthy engagements.
12. Aptitude for technical writing, combined with outstanding business acumen and communication skills.
13. Effective presentation skills, capable to delivering findings, risk and recommendations to stakeholders.
14. High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
15. Written and verbal proficiency in English languages.