DevSecOps Engineer

Job Role: DevSecOps Engineer

Experience: 5 to 12years

Location: 100% Remote

Job Type: Contract

Contract Duration: Long Term

Job Description

Work Time: Initial 2 weeks, needs to work on ET timezone, then can work on 1 to 10 PM or 2 to 11 PM IST

JOB DESCRIPTION & RESPONSIBILITIES

• Become an expert in the Company//'s technology stack to understand points of weakness and

opportunities for security solutions.

• Assist in monitoring Company//'s IT control environment to identify key risks, related controls

and gaps, document and report results to management.

• Assist with third party vulnerability testing process; document and report results to

management.

• Collaborate with internal stakeholders on addressing systemic security issues.
• Perform monitoring of security tools and oversee remediation of items identified.
• Proactively identify threats and vulnerabilities, and collect, correlate, and analyze data to

detect actual or potential security related incidents, and ensure timely remediation by the

applicable party.

• Identify, implement, and maintain the controls and procedures required to cost effectively

and uniformly protect Compay//'s information system assets.

• Monitor, track, and document information security related incidents to ensure a prompt and

efficient resolution.

• Provide support and evidence collection for internal and external audits and risk assessments.
• Consults with management to assist with developing corrective action plans for identified

audit, risk, Information Security, and IT findings.

• Research, design, and participate in or lead the implementation of security initiatives.
• Stay current on the latest information technology and security trends; recommend corrective

actions as identified and needed through Information Security initiatives.

• Assist in developing Company//'s-wide best practices for IT and Information security.

PRIMARY SKILLS

• 4-6 years of experience with design, testing, development, migration & integration within a

medium-to-large organization.

• Experience conducting vulnerability scans and validating scan data across workstation, server,

network, and peripheral devices.

• Operational experience with Vulnerability scanning, Incident Response, Endpoint Detection and

Response, Monitoring and Logging including hardware refresh, software testing, software

upgrades, and complex troubleshooting techniques.

• Current experience in security threats, solutions, security tools and network technologies along

with a keen ability to diagnose and troubleshoot technical issues.

• Proven knowledge of core AWS products and services (e.g. VPC, EC2, S3, RDS, ELB, ALB, WAF,

Lambda), AWS (Iaas & Paas Components).

• Proficiency is one or more programming languages (Python, Java, Go etc.)
• Proficiency in both Windows and Linux architectures.
• Hands-on experience with vulnerability scanning tools: for example, tools such as Qualys, Rapid7

-Nexpose, or Tenable - Nessus, etc.

• Hands-on experience with EDR tools: for example, tools such as Tanium, Crowdstrike, Cisco AMP,

McAfee, etc.

• Working knowledge of network monitoring, management, and analysis tools such as, Splunk,

Loggly, Kibana, or similar.

• Experience with deployment orchestration, automation, and security configuration management

(Jenkins, Puppet, Chef, Cloudformation, Terraform, Ansible) preferred.

• Ability to utilize a variety of tools like Stash, Git, Nexus, Jenkins, Gradle, Groovy, YML, and AWS

security capabilities (WAF, GuardDuty, Security Groups, IAM, etc)

• Familiarity with configuration baseline standards such as CIS Benchmarks or DISA STIGs.
• Strong communication and presentation skills
• Certifications such as CISSP, GSEC, CEH etc. (nice to have)