DevSecOps Security lead Engineer

Application deadline closed.

Job Description

Job Description

 

DevSecOps Security lead/Engineer role will have a major role to help implementing shift left security in DevSecOps program and define the required security guardrails, In addition the role will cover leading a team of DevSecOps Security members (Security Testers and Risk Assessors ) as those members will be working with dedicated teams of developers to perform many activities such as security scanning, penetration testing and risk assessment (threat modeling), Also establishing security champion program with secure code warrior

 

Develop and update internal cyber security function processes for DevSecOps program

Craft cyber security function requirements on the DevSecOps program:

  • Cybersecurity tools requirements and the integration to CI/CD pipelines to improve developer productivity, agility and code quality
  • Prepare and present design and implementation documentation to multiple stakeholders.
  • Requirements for Application Security Orchestration & Correlation (ASOC)
  •  Requirements for integrating all Application security tools (DAST, SAST, SCA, IAST, MAST and Threat Modeling) and vulnerability scanning tools ( Nexpose, Qualys, Nessus) with CI/CD tools
  • Requirements for integrating ASOC solution with Issue Tracker
  • Requirements for Integrating ASOC solution with CyberFlows
  • Requirments for Integrating CyberFlows with all Application security tools (DAST, SAST, SCA, IAST, MAST and Threat Modeling) and vulnerability scanning tools ( Nexpose, Qualys, Nessus)
  • Implementing Security Guardrails
  • Mentor and coach junior-level DevSecOps security team member
  • Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.
  • Collaborate closely with development teams to understand their current build and release processes and make recommendations for improvement.
  • Partner with cross-functional stakeholders, including development, operations, quality assurance and security, to streamline processes.
  • Provide guidance to development teams to improve the performance and operability of the solutions they develop.
  • Continuously improve automation idea to enable teams to secure code efficiently and consistently.
  • Highlight automated testing requirements to reduce manual effort and improve product quality.