Working as a member of the Security Architecture team, the DevSecOps Lead will focus on the implementation, management and continuous improvement of security controls.
The DevSecOps Lead will cooperate with Security Architecture and DevOps teams to implement defined security controls in the CI/CD pipeline. The DevSecOps Lead will advise development teams on how to design secure applications and cloud environments. As a person with a deep understanding of CI/CD pipeline technologies, the DevSecOps Lead will make decisions (based on security measures) about software deployment to the production stage.
- Implement, manage and continuously improve security controls in the Software Development Life Cycle
- Be an application security advisor
- Make decisions (based on security measures) about software deployment to the production stage
- Perform required application security analyses (including threat modeling, risk assessment, business impact etc.)
- Create and adjust automation for Pre-commit, Commit-time, Build-time, Test-time and Deploy-time checks
- Closely cooperate with the rest of architecting/project teams
- A bachelor's degree in Computer Science, Engineering, Information Security, or equivalent work experience
- 5+ years of relevant professional experience (Agile development, Continuous Integration and development (CI/CD), Secure software development (SSDLC), Applications IT Security, Cloud Security)
- Proven hands-on experience with automation tools and scripting (Jenkins, Ansible, Terraform)
- Proven hands-on experience with SVN tools like Git, Bitbucket, GitHub
- Deep understanding of enterprise security concepts
- Knowledge of industry regulations and requirements such as ISO27001, NIST, PCI-DSS, HIPAA and other industry standards
- Experience in implementing and maintaining security controls and best practices for cloud components like VMs, microservices, serverless functions
- Knowledge of application security
- Programming experience with scripting languages like Python, Bash, PowerShell
- Experience in development and operations of the ELK stack (Elasticsearch, Logstash and Kibana, plus Winlogbeat and Beats)
- Experience with AWS and/or Azure Cloud solutions
- Proven hands-on experience with container security tools like Twistlock, Aqua Security, Sysdig, Snyk
- Knowledge of trouble ticketing systems/CRM
- Strong interpersonal and user service skills
- Proficient knowledge of enterprise processes based on ITIL
- English language skills (spoken and written)