Job Description
Role Overview
The DevSecOps Security Lead/Engineer will play a major role in implementing shift-left security in the DevSecOps program and defining the required security guardrails. In addition, the role covers leading a team of DevSecOps Security members (Security Testers and Risk Assessors), who will work with dedicated teams of developers to perform activities such as security scanning, penetration testing and risk assessment (threat modeling). The role also includes establishing a security champion program with Secure Code Warrior.
Key Responsibilities
Develop and update internal cyber security function processes for DevSecOps program
Craft cyber security function requirements on the DevSecOps program:
- Cybersecurity tools requirements and the integration to CI/CD pipelines to improve developer productivity, agility and code quality
- Prepare and present design and implementation documentation to multiple stakeholders.
- Requirements for Application Security Orchestration & Correlation (ASOC)
- Requirements for integrating all application security tools (DAST, SAST, SCA, IAST, MAST and Threat Modeling) and vulnerability scanning tools (Nexpose, Qualys, Nessus) with CI/CD tools
- Requirements for integrating ASOC solution with Issue Tracker
- Requirements for integrating ASOC solution with CyberFlows
- Requirements for integrating CyberFlows with all application security tools (DAST, SAST, SCA, IAST, MAST and Threat Modeling) and vulnerability scanning tools (Nexpose, Qualys, Nessus)
- Implementing Security Guardrails
- Mentor and coach junior-level DevSecOps security team members
- Work closely with cross-functional stakeholders to analyze and troubleshoot complex production issues.
- Collaborate closely with development teams to understand their current build and release processes and make recommendations for improvement.
- Partner with cross-functional stakeholders, including development, operations, quality assurance and security, to streamline processes.
- Provide guidance to development teams to improve the performance and operability of the solutions they develop.
- Continuously improve automation ideas to enable teams to secure code efficiently and consistently.
- Highlight automated testing requirements to reduce manual effort and improve product quality.
Skills
Experience:
We are looking to hire a DevSecOps team leader who is capable of leading a team of penetration testers and threat modelers, with the following experience and skills:
• Experience with agile development and strong understanding of DevOps principles.
• Has extensive experience in penetration testing and threat modeling
• Has extensive knowledge about IT change management and DevSecOps methodology
• Has experience in establishing an effective DevSecOps Security team
• Has experience in establishing a security champion program or Secure Code Warrior
• Has experience in establishing and configuring Application Security Orchestration & Correlation (ASOC)
• Has experience in (DAST, SAST, SCA, IAST, MAST and Threat Modeling) solutions
• Has experience in CI/CD pipelines
• Strong collaboration skills, with a demonstrated ability to work well as part of a team.
• Strong analytical and troubleshooting skills.
• Strong verbal and written communication skills.
• Has experience in securing Docker and Kubernetes
Qualifications:
Preferred Bachelor’s degree or equivalent applied experience
Preferred [8+] years of relevant DevSecOps experience
Preferred [5+] years of relevant experience with penetration testing, threat modeling and security scanning tools
Preferred EXIN DevSecOps Manager certificate
Preferred Global Skill Development Council’s (GSDC) Certified DevSecOps Engineer certificate
Preferred GIAC Cloud Security Automation (GCSA) certificate
Preferred Certified DevSecOps Professional (CDP) certificate