The DevSecOps engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices, and works to automate security processes, embed security testing, and foster a culture of shared responsibility between development, operations, and security teams. They also implement secure coding practices, identify and mitigate vulnerabilities early through tools, review cloud infrastructure for security, and ensure compliance with security standards to help teams deliver software rapidly.
Qualifications
* Bachelor's (undergraduate) degree in a relevant field (computer science, software engineering, security, or others) or an equivalent combination of education, training, and experience.
* Minimum of 5 years of professional experience with any combination of at least 2 technical disciplines, including the following: DevSecOps, cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering.
* Desirable: Certified DevSecOps Professional (CDP), Certified Kubernetes Administrator (CKA) or Certified Kubernetes Security (CKS), and HashiCorp Certified: Terraform Associate.
Responsibilities
* Perform security-focused code reviews.
* Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
* Knowledge of risk mitigation techniques and of fixing code bugs.
* Monitoring processes throughout the entire lifecycle for adherence, and updating or creating new processes for improvement.
* Support and consult with product and development teams in the area of application security.
* Identifying and deploying cybersecurity measures by continuously performing vulnerability assessment and risk management.
* Providing security training and outreach to internal development teams.
* Mentoring and guiding team members and customers.
* Monitoring and measuring customer experience and KPIs.
* Use security tools for identifying and mitigating vulnerabilities.
* Able to work well with software development teams.
* Experience identifying security issues through code review.
* Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
* Familiarity with some common security libraries and tools (e.g. static analysis tools).
* Familiarity with common security flaws and ways to address them (e.g. OWASP Top 10), and the ability to explain them.
* Experience in integrating, monitoring and improving DevSecOps tools and processes, automating routine tasks and improving system reliability.
* Development or scripting experience and skills (Python knowledge preferable).
* Designing and implementing a zero trust security model, automated enforcement and monitoring of security controls, vulnerability management, code-based compliance and gate reviews, and platform-based security controls and guardrails.
This description outlines the general nature and scope of work typically performed in this job. It is not intended to be an exhaustive list of all duties, responsibilities, knowledge, skills, work requirements, etc. It may vary slightly based on business or geographic needs and is subject to being reviewed and updated periodically.