DevSecops Engineer

Job Description

1. DevSecOps Integration: Collaborate with development, operations, and security teams to embed security practices into the entire software development lifecycle. Implement and maintain automated security controls throughout the CI/CD pipeline.
2. Infrastructure as Code (IaC): Leverage Infrastructure as Code principles to automate the provisioning and configuration of infrastructure components with a strong focus on security. Implement security controls using tools such as Terraform, Ansible, or Chef.
3. Continuous Monitoring and Incident Response: Establish and maintain continuous monitoring solutions to detect security incidents and vulnerabilities. Develop and execute incident response plans in collaboration with relevant teams.
4. SRE Best Practices: Apply SRE principles to enhance system reliability, performance, and availability. Implement and maintain service level objectives (SLOs) and service level indicators (SLIs) for critical services.
5. Security Automation: Develop and maintain security automation scripts and tools to streamline security operations tasks. Integrate security testing tools into the CI/CD pipeline for automated vulnerability scanning.
6. Collaboration with Development Teams: Work closely with software development teams to understand application architecture and provide guidance on secure coding practices. Conduct regular security reviews of code and architecture.
7. Threat Modeling: Perform threat modeling exercises to identify and address potential security risks in applications and infrastructure. Provide recommendations for mitigating identified threats.
8. Security Awareness and Training: Promote security awareness and provide training to development and operations teams on secure coding and operational practices. Stay informed about the latest security threats and trends.