DevSecOps Engineer
DevSecOps Engineer Job Description
As a DevSecOps Engineer, you'll play a critical role in ensuring the seamless integration of security practices into the software development lifecycle. Your expertise will bridge the gap between development, security, and operations, championing robust security measures from the outset. Here are the key details:
Objectives of This Role:
Integrate Security into SDLC:
- Seamlessly integrate security features throughout the software development life cycle (SDLC).
- Identify and mitigate security risks, implementing effective security controls.
Secure Code and Applications:
- Develop applications and secure code to protect against risks and data breaches.
- Collaborate with cross-functional teams to ensure security alignment.
Responsibilities & Skills:
- Experience working with GitHub Actions and Terraform, building pipelines to deploy infrastructure and applications to Azure Cloud landing zones
- Deep knowledge and understanding of common DevOps practices involving automation, CI/CD, deployments, approval gates, hooks, and various methods for deploying software applications through multiple environments to target platforms
- Experience with software testing tools and frameworks
- Extensive experience and proficiency with Git source code control and different branching strategies such as "trunk based development"
- Ability to direct and manage dev teams on best practices and usage patterns for DevOps CI/CD and automation, leading to more secure software application deployments
- Well versed in software bills of materials, software supply chain analysis, and safe practices
- Experience creating and administering CI/CD tooling such as Azure DevOps, Jenkins, GitHub Actions
- Experience with and deep understanding of different vulnerability scanning techniques and their relevant tools, such as SAST, DAST, SCA, and IAST security scanning
- Solid understanding of SDLC processes, modern programming stacks and their relevant vulnerabilities, .NET and Java
- Operational experience with and knowledge of common security scanning tooling (e.g. Veracode, AppScan, Checkmarx, Snyk, Contrast, Sonar, Synopsys) and its integration into CI/CD pipelines such as Azure DevOps, GitHub, Jenkins
- Familiarity with OWASP and NIST standards and best practices for application security
- Ability to assess false positives in security scanning tooling and give feedback and guidance to development teams on security scanning results
- Experience adding security scanning tooling tasks to pipelines
- Ability to perform automation and scanning of applications written or created with .NET and Java Development stacks
- Participate in design and code reviews, aligning with architectural goals.