Senior DevSecOps Engineer
As a Senior DevSecOps Engineer you will be working on the security strategy governing the application and cloud-based platform infrastructure.
You will work with other infrastructure, DevOps and application engineers to
- understand product and business needs
- provide expertise around application and cloud service development
- define and own clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities and other attack vectors
4 - 15 years
-B.Tech/B.E in Computers,
- Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
- Build and maintain a multi-cloud infrastructure architecture aligning security, compliance, performance and resilience
- Provide expertise and best practices for implementing cloud security (internal) and product security (external)
- Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives
- Oversee the management and remediation of identified security flaws within our development platforms
- Build and maintain monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs
- Develop processes that produce artifacts that support security and compliance requirements
- Automate and codify supporting security systems in all phases of the SLDC.
- Participate in compliance audits as security SME.
- Mentor junior team members and co-workers on security best practices.
Information Security,
- Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
- Familiarity with API Security, Container Security, GCP/AWS Cloud Security
- Experience with Kubernetes and securing container workloads, networking, PKI infrastructure, authentication protocols like OIDC, OAuth, and SAML.
- Experience with cloud-based security management/IDS/IPS/SIEM tools, security vulnerability assessments, encryption, etc
- Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, SOC2, PCI, GDPR, CCPA, etc)
- CISM, CISSP or other Security Certifications.
- Life-long learner; always looking to stay up to date with latest attack vectors, vulnerabilities, remediation and protection paradigms, etc.
- Self-motivated, proactive, driven individual
- Strong interpersonal, oral, and written communication skills
- Ability to work and collaborate in a fast-paced, geographically dispersed team