Architect DevSecOps

Job Description:

Advanced Technical Skills
 DevOps & CI/CD Tools Mastery:
o Expertise in Jenkins, GitLab CI, CircleCI, Travis CI, or similar tools for
automating build and deployment pipelines.
o Advanced knowledge of Docker, Kubernetes, Helm, and ECS for
containerization, orchestration, and managing microservices.
o Proficiency in Infrastructure as Code (IaC) tools like Terraform,
CloudFormation, Pulumi, and Ansible for automating infrastructure
provisioning and configuration management.

 Security Automation Tools:
o Hands-on experience with advanced security tools such as Mend.io
(White Source), SonarQube, Aqua Security, Snyk, OWASP ZAP,
Qualys, and Tenable for vulnerability scanning and code security.

 Cloud Security Expertise:
o Strong experience securing cloud infrastructure using AWS, Google
Cloud Platform (GCP), Huawei and Azure, with a focus on identity and
access management (IAM), encryption, and network security.
o Familiarity with cloud-native security services such as AWS Security Hub,
Google Cloud Security Command Center, or Azure Security Center.

 Advanced Programming/Scripting Skills:
o Proficiency in programming and scripting languages such as Python, Go,
Ruby, Bash, or Java to automate security tasks, write custom scripts, and
build security tools.
 Container Security:
o Expertise in securing containerized applications and platforms (e.g.,
Docker, Kubernetes, OpenShift), including image scanning, runtime
security, and secure orchestration.
 Compliance and Risk Management:

o Deep understanding of regulatory requirements and frameworks like
GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, and how to integrate
compliance automation in the DevOps pipeline.
o Experience implementing security and compliance controls across
infrastructure and applications.

2. Advanced Security Expertise
 Threat Modeling & Risk Assessment:
o Ability to lead threat modeling sessions and risk assessments for
applications, infrastructure, and cloud environments.
o Skilled in identifying and addressing security risks in software
development, deployment pipelines, and operational environments.

 Security Testing & Code Analysis:
o Expert in integrating SAST (Static Application Security Testing), DAST
(Dynamic Application Security Testing), IAST (Interactive Application
Security Testing), and RASP (Runtime Application Self Protection)
into CI/CD pipelines.
o Lead and guide automated and manual security testing across the entire
development lifecycle.
 Incident Response & Forensics:
o Strong experience in leading security incident response, including
investigation, triage, and remediation of security breaches.
o Knowledge of digital forensics and post-incident analysis.
 Security Architecture Design:
o Ability to design secure architectures for applications and infrastructure,
considering threats, compliance, and secure coding practices.
o Proficient in designing secure microservices, APIs, and serverless
applications.
3. Leadership & Collaboration
 Team Leadership:
o Lead and mentor junior and mid-level DevSecOps engineers, providing
guidance on best practices for security, automation, and DevOps
processes.

o Foster a security-first culture within development and operations teams.
 Cross-functional Collaboration:
o Work closely with development teams, security teams, and operations
teams to ensure security practices are embedded in every stage of the
software development lifecycle (SDLC).
o Act as a bridge between security teams and DevOps teams to ensure a
seamless integration of security and operations.

 Stakeholder Communication:
o Ability to communicate complex security concepts to non-technical
stakeholders, executives, and teams, including risk assessments,
recommendations, and mitigation strategies.
o Regularly report on security posture, vulnerabilities, and the status of
security initiatives to leadership.

4. Strategic & Operational Skills
 DevSecOps Strategy & Roadmap:
o Define and execute the organization's DevSecOps strategy, aligning with
business goals and ensuring robust security practices in the CI/CD
pipeline.
o Drive continuous improvement of DevSecOps practices, including
automation, policy enforcement, and threat mitigation.

 Change Management & Process Improvement:
o Lead efforts to improve development and operational processes, ensuring
that security is part of the continuous integration and delivery process.
o Contribute to the development of best practices and standards for secure
DevOps practices.

 Vulnerability Management & Remediation:
o Lead the vulnerability management program, from discovery to
remediation, ensuring that security issues are prioritized based on risk and
business impact.
o Implement automated tools for vulnerability scanning and remediation
across the pipeline.
5. Experience & Education

 Work Experience:
o 5-8+ years of experience in DevOps, security engineering, or related
fields, with at least 3 years of experience in a senior or lead role in a
DevSecOps or security engineering capacity.

 Security Certifications:
o Certifications in security or cloud services are highly valued, such as:
 Certified DevSecOps Professional (CDP)
 Certified Information Systems Security Professional (CISSP)
 Certified Cloud Security Professional (CCSP)
 Certified Ethical Hacker (CEH)
 AWS Certified Security Specialty, Azure Security Engineer, or
Google Cloud Security Engineer.

 Cloud & DevOps Certifications:
o Cloud certifications, such as AWS Certified DevOps Engineer, Google
Cloud Professional DevOps Engineer, or Microsoft Azure DevOps
Engineer, are highly desirable.

6. Desirable Additional Skills
 Serverless & Microservices Security:
o Experience with securing serverless architectures (e.g., AWS Lambda,
Azure Functions) and securing microservices APIs.

 SIEM & Monitoring:
o Experience with Security Information and Event Management (SIEM)
tools such as Splunk, ELK Stack, QRadar, or Datadog for detecting and
responding to security incidents.
 Advanced Networking and Firewalls:
o In-depth knowledge of networking, firewalls, and securing communications
in cloud and on-prem environments.

Soft Skills
 Problem-Solving:

o Strong analytical and troubleshooting skills to address complex security
issues in a fast-paced environment.
 Collaboration & Communication:
o Excellent communication skills for interacting with cross-functional teams,
executives, and external stakeholders.

 Adaptability:
o Ability to keep up with the ever-evolving security landscape and adapt
practices and tools as necessary.

A Senior DevSecOps Engineer plays a crucial role in implementing, maintaining, and
evolving the security aspects of development and operations practices. They are
expected to possess not only strong technical skills but also the ability to lead initiatives,
mentor teams, and influence security culture across the organization.