Job Description

•  Must have 6+ years of experience in intertwining security measures within DevOps practices. You will be pivotal in bolstering the security posture by embedding robust security frameworks into CI/CD pipelines and optimizing post-scan workflows.
• Your role will support a critical mission to enhance vulnerability assessment methodologies, swiftly triage security findings, and spearhead initiatives to uplift security standards across diverse development and infrastructure environments.
• You’ll get to integrate and automate security tools, such as SAST, DAST, software composition analysis, and container scanning into a seamless CI/CD process to create a culture of security-first development.
• Participating actively in the management of post-scan activities will include:
  • Triage findings with a focus on risk-based prioritization for vulnerabilities.
  • Collaborate with development teams to track remediation status and ensure timely resolutions.
• Additionally, you will perform and support comprehensive vulnerability assessments for both application and infrastructure assets.
• Your responsibilities will involve close collaboration with DevOps and Security teams to establish and enforce effective security practices that dovetail with agile methodologies.
• Leverage your expertise to develop workflows that ensure secure builds, artifact signing, and automating secure release processes, enhancing our operational efficiency.
• You will also configure and manage infrastructure as code (IaC) tools such as Terraform and Ansible, embedding security controls to safeguard our automation processes.
• Monitoring, logging, and alerting mechanisms will be part of your project to establish a strong security monitoring strategy for all deployed workloads, ensuring rapid response to potential threats.
• Your contributions will not just stop at implementation; you’ll be responsible for generating insightful reports, metrics, and dashboards to track security posture and compliance across multiple environments.

͏

• **Required Skills & Experience:**
• · A minimum of **6 years** experience in DevOps and Security Engineering roles, showcasing a strong foundation in both domains.
• · Proficient in integrating security tools such as **SonarQube, Fortify, Checkmarx**, and others to create a robust security framework.
• · Solid understanding of CI/CD practices using tools like **Jenkins, GitLab CI**, and **GitHub Actions**, paired with modern source control management workflows.
• · Expertise in vulnerability management, understanding of CVSS scoring, and risk assessment methodologies that align with best practices.
• · Experienced with widespread cloud platforms like **AWS, Azure,** and **GCP**, especially their security features and compliance landscapes.
• · Familiar with container ecosystems, notably **Docker** and **Kubernetes** along with runtime scanning practices to ensure container security capabilities.

͏

͏

͏