We're in search of a DevSecOps Engineer who's ready to help us improve our customer experience by building functional systems that bring our business to new heights. You'll also be working in conjunction with like-minded departments, such as software engineering, to deploy the new products and manage our infrastructure, associated processes, and systems.
Responsibilities
- Develop and implement the DevSecOps strategy in alignment with the firm's security policies and business objectives.
- Lead the integration of security into the DevOps CI/CD pipelines.
- Advocate for security best practices within the development and operations teams.
- Collaborate with development teams to design and implement secure software development practices.
- Integrate automated security testing tools and techniques into the CI/CD pipelines.
- Lead efforts to identify, prioritize, and remediate security-related issues across infrastructure and the software development lifecycle.
- Work with developers to communicate and track critical security vulnerabilities within application code.
- Coordinate and lead incident response activities related to application security breaches, including conducting root cause analysis and implementing preventive measures.
- Develop and maintain incident response plans and playbooks.
- Identify, assess, and mitigate security risks within the DevOps environment.
- Serve as the primary liaison between the security, development, and operations teams.
- Provide training and awareness programs on secure coding practices and security tools.
- Communicate security-related updates, risks, and mitigation strategies to senior management and other stakeholders.
- Evaluate, implement, and manage security tools and technologies that enhance DevSecOps capabilities.
- Automate security processes to increase efficiency and reduce human error.
- Monitor and maintain security tool integrations within the CI/CD pipelines.
- Ensure compliance with relevant regulatory requirements and industry standards.
- Participate in audits, provide necessary documentation and support, and manage and perform security audits and reviews.
Requirements
- Familiarity with API Security, Container Security, and AWS Cloud Security.
- Experience in identifying, prioritizing, and remediating security issues across infrastructure and the software development lifecycle.
- Experience in managing incident response activities and performing root cause analysis.
- Strong understanding of secure software development practices and automated security testing tools.
- Strong knowledge of regulatory requirements and experience in ensuring compliance.
- Experience in managing security tools and automating security processes.
- Experience in managing and performing security audits and reviews.
- 5+ years of experience with products running on Private and Public data centers.
- Strong experience with Linux-based infrastructures, Linux/Unix administration, and AWS.
- Strong experience with databases such as PostgreSQL, NoSQL, MongoDB, Elasticsearch, SOLR, Redis, etc.
- Experience with monitoring solutions (e. g. AppDynamics, DataDog, Icinga, New Relic).
- Experience in Infrastructure as code using Puppet, Chef, Terraform, Ansible, and CloudFormation.
- Knowledge of scripting languages such as Python, Ruby, Groovy, and Bash.
- Experience with open-source technologies and cloud services.
- Strong communication skills and ability to explain protocol and processes with the team and management.
- More than 3 years of experience in a DevOps Engineer role (or similar role); experience in software development and infrastructure development is a plus.
- Stellar troubleshooting skills with the ability to spot issues before they become problems.
- Current with industry trends, IT ops, and industry best practices, and able to identify the ones we should implement.
- Solid team player.
This job was posted by Amit Sharma from Ionic Wealth.
