DevSec Ops

What will you do?

• Build a Culture around Security Engineering Ensure that a healthy security posture is maintained by continuously assessing/monitoring perimeter as well as internal security posture.
• Identify, integrate, monitor, and improve InfoSec controls by understanding business processes.
• Drive a DevSecOps culture in the organization by implementing shift left security culture.
• Conduct security reviews, auditing, penetration testing, risk assessments, vulnerability assessments, threat modeling.
• Install, configure, manage, and maintain mission-critical enterprise applications such as AV, patching, SIEM, DLP, log management and other technical controls. Troubleshoot security system and related issues
• Should have good understanding in working on CSPM
• Should have good understanding in different Services of AWS & GCP, Also need someone who should know DNS.
• Improve Cloud, Application ,Kafka, Database security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
• Run security automation tools for periodic scans - SAST, DAST, Infrastructure scanning, Compliance check
• Adhere to OWASP guidelines and bring the OWASP maturity model at organisation level.
• Strong understanding of network concepts including TCP/IP, HTTP and TLS, DDoS detection/prevention, and network and host anomaly detection through both automated (NIDS/HIDS) and manual means.
• A good knack for automating infrastructure security as much as possible

Some specific requirements

• Need to have a professional experience of at least 3-4 years acquired in monitoring and improving DevSec Ops tools and processes
• Extensive knowledge in assurance tools such as Fortify, OWASP ZAP, Sonarqube, Open source automation tools and their integrations into CI/CD cycles.
• Understanding of Zero Trust policy and its implementation.
• Identify security weakness across multiple programming languages like Python, Node JS, Java, Go, Javascript, HTML etc
• Participate in incident handling and other related duties to support the information security function.
• Ability to drive security automation and DevSecOps within engineering life cycle, as well as vulnerability/bug remediation
• Good to have audit experience across compliance certifications like ISO 27001/ISMS/PCI DSS / SoC 2
• Experience in Kubernetes Infra, Cloud deployment technologies - AWS, GCP