Sr. DevSecOps Engineer

Role:  Sr. DevSecOps Engineer

Location: Bangalore

Working Hours: 12-9PM

Working Model: Hybrid 

 

Intro:

As a DevSecOps engineer, you will provide technical leadership in the DevSecOps areas of  Vulnerability Scanning, Certificate Management, Password Policy Management, Infrastructure As code for Cloud Resource Provisioning, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.

 

Some of the things you will be doing:

• Familiarity with DevSecOps ecosystem: Terraform, Ansible, GitHub, Jenkins, Azure DevOps, SAST, DAST & SCA
• Terraform, Ansible and AWS, Azure Architecture, Network and Security Certifications.
• Familiarity with API Security, Container Security, AWS and Azure Cloud Security
• Knowledge of Cloud Resource Provisioning, Cloud Network and Architecture, Cloud Standards and Policies.
• Experience with AWS and Azure Policy, Configuration, and Security Management tools.
• Experience with security automation, Cloud resource provisioning.
• Expertise in programming and scripting languages like Python, NodeJS, SQL query, bash, powershell, and Java.
• Experience with Vulnerable Code remediation.  
• Experience with Vulnerability Management and executive reporting using PowerBI.

 What technical skills, experience, and qualifications do you need?

• Prior experience (8-10 years) in a Production Engineering or related position.
• Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (SAST, DAST, IAST etc).
• Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
• Capability to prepare security vulnerability and risk management reports for management.
• Leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes.
• Experience generating and providing executive reports for vulnerability management across DevSecOps Security Products.
• Proficiency in Java Programming, Bash, Powershell, Python, Terraform or other scripting languages.
• Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
• Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
• Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools.
• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
• Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
• Support code reviews across all code platforms 
• Manage security integration into the SDLC process at CSC 
• Help evolve CSC's application security functions and services 
• Responsible for Security bug intake and remediation process for CSC 
• Responsible for leading the remediation of application vulnerability scanning and penetration testing 
• Manage integration with Static Application Security Testing (SAST) Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Infrastructure as a Code (IaC) scanning, Secret Scanning, and Container Image scanning.
• Identify security exposures and develop mitigation plans 
•  Identify, report and fix technical debt. 
• Assist Manager of Application Security on all application security activities 
• Become a representative for the CSC Information Security program 
• Be productive and participate in security initiatives with minimal supervision. 
• Becomes a subject matter expert for security solutions within the CSC platform, knowledge of SANS 25 and Owasp  Top 10.
• Be able to act as a mentor for junior dev, devops and security engineers 
•  Use the tools and technologies used throughout CSC InfoSec. 
• Own and document medium/large epics and follow through until completion.
•  Present security solutions to a larger CSC audience. 
• Troubleshoot issues and performance bottlenecks. 
•  Follow Security best practices. 
• Collaborate with cross functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks.
•  Participate in requirement gathering with Product/SRE/InfraServices. 
•  Collaborate with cross Business Unit teams (CLS, DBS, Corp Tax, TBS) on implementing standardized security solutions and integrations. 
•  Participate in inner sourcing/procurement initiatives within CSC. 

 What technical skills, experience, and qualifications do you need?

• Strong experience with BI Design and Development for Vuln. Mgmt 
• BE/BTech Degree
• Strong experience in distributed platform development and design 
• Strong foundation in core information security principles and goals. 
• Proven expertise in enterprise security solutions. 
• Knowledge on common and emerging security threats. 
•  In-depth knowledge of security best practices. 
• Ability to assist in leading the InfoSec team 
• Exceptional analytical aptitude and attention to detail.
•  Ability to lead and project drive multiple security initiatives.
• Excellent communication skills.
• Ability to explain complex security topics in simple language 
• Ability to work with Senior Leadership.
• Fast learner / A strong willingness to learn. 
• Good team player who is self-motivated and well organized.