IN_MPIN_DevSecOps Expert

About us

Bosch has a strong presence in India and sees a need to transform with new mind-sets – operating together with businesses, governments, and consumers – to imagine a future landscape focusing on efficient mobility concepts, clean energy needs, decentralized governance, and convergence on connectivity.

We solve real-world problems that benefit our planet. This includes improving air quality with deep learning, building connected parking solutions with IoT, electrification to fuel cell technology, and driverless cars. We believe in being a neutral partner to help businesses thrive in the mobility space.

About the role

We are building our Mobility Solution Team from scratch in India and are looking for a DevSecOps expert to enable digitalization of the current systems in India. If you have prior experience of leading teams and organizations that are on a DevOps journey, sponsoring development of a generative culture, supporting their teams, and inspiring actions to continuously transform their teams to higher levels of organization performance, then you should go through the below-mentioned details.

Qualifications

• Project a vision, provide intellectual stimulation, inspire collaborative communication, support specific behaviors, and proactively recognize personal behaviors.
• Engage early adopters in small cross-functional teams with shared goals to improve the flow of their value streams using small batch sizes, tools, and incremental processes.
• Employ value-stream mapping to visualize flow, determine metrics, and current state of value-added tasks and waste to guide improvements.
• Use metrics and future state value stream mapping to identify improvement opportunities in people, process, and tools.
• Fearlessly let go of outdated information, work without bias to enthusiastically take in new information that improves effective decision-making and improves the flow of work.
• Design the organization aligned with the vision and improve communication between cross-functional teams using concepts from Target Operating Models, Conway's Law, and SAFe.
• Passionately champion a vision with support from top management. Relentlessly promote changes across the organization incrementally to effect changes.
• Evangelize measurable business outcomes gained with the improved value stream while honestly contrasting prior performance.
• Lead DevSecOps teams to achieve more frequent, secure, quality code deployments, faster lead time from commit to deploy, faster MTTR, lower change failure rates, and team satisfaction.

Capabilities

• Should be able to define Tactics, Techniques, and Procedures (TTPs) to describe how threat agents orchestrate and manage attacks. Threat Models optimize security by identifying objectives and vulnerabilities such as OWASP Top Ten, before defining countermeasures. Continuous Delivery practices are engaged to realize continuous governance, risk management, and compliance.
• Should be able to ensure security is continuously adaptive and auditable by breaking security silos, cultivating a symbiotic relationship between security and other business units. Security-specific practices and integrated toolsets as code (such as security scans) enable automated security KPIs and observable security practices into the DevOps value stream.
• Should identify gaps between traditional waterfall security cultures and fast-paced DevOps cultures, removing them by building collaboration and trust. Through improving credibility, reliability, and empathy while reducing self-interest, decisions are based on advice from everyone affected and people with expertise using systems thinking. Shared metrics assure adaptable governance using discipline, with automation, transparency, and accountability.
• Ensure security is built into the value stream efficiently with empowered development teams implementing features securely, shift-left security testing, tools for automated feedback. Culture improvements instead of policy enforcements ensure security and software engineers are continuously cross-skilling and collaborating.
• Ensure security test and scanning tools are integrated into the CI/CD pipeline to find known vulnerabilities (published CVEs) and common software weaknesses (CWEs). Repetitive security tasks are automated, such as configurations, Fuzz testing, and long-running security tasks. Compliance as Code helps in automating compliance requirements to foster collaboration, repeatability, and continuous compliance.
• Ensure security is integrated into people, process, technology, and governance practices. Continuous security practices for DevSecOps are implemented in onboarding processes for stakeholders. Security practices and outcomes are monitored and improved using data-driven decision making and response patterns. Lean and value stream thinking ensure that security does not cause waste, delays, or constraints for flow.
• Ensure Value Stream Mapping establishes where security activities and bottlenecks currently happen. Collaborative design of a target value state map addresses security requirements, communication, and automation improvements. The scope of the design includes practices for Artifact Management, Risk Management, Identity Access Management, Secrets Management, Encryption, Governance, Risk, and Compliance, Monitoring and Logging, Incident Response, and Learning.

Additional Information

An ideal candidate should have

• Ideal candidates should have a minimum of around 12+ years of experience with at least 3 years of management experience.
• Should have hands-on experience on building or leveraging a Continuous Delivery Pipeline (CDP) – a high-performance innovation engine capable of delivering market-leading solutions at the speed of business.
• Should have managed a hierarchy and a team of at least 50+ Member Engineering team.
• Should be strong in Program Management of large technology projects.
• Technology Skills Required: Building SAAS Platforms, Open Source Technologies, Strong Understanding of DevOps, Cloud Security, Container-based Development, Microservice Architecture, MySQL, NoSQL DB
• B Tech or equivalent degree will be preferred