DevSecOps Integration Engineer

DevSecOps Integration Engineer
Remote

Client is looking for
Strong experience as a GitLab developer including onboarding and building CI/CD pipelines (AGDO, Jenkins).
Hands on Integration experience in Gitlab and Migration of any CICD tools (centralised and not just limited to applications)
Experience as full stack developer (Java, .Net ) in the past will be good.
Extensive Scripting in Python for automation and pipeline developing.Job Description

DevSecOps Integration:

• Collaborate with development, operations, and security teams to embed security practices into the entire software development lifecycle
• Implement and maintain automated security controls throughout the CI/CD pipeline.

1. Infrastructure as Code (IaC):

• Leverage Infrastructure as Code principles to automate the provisioning and configuration of infrastructure components with a strong focus on security.
• Implement security controls using tools such as Terraform, Ansible, or Chef. 3. Continuous Monitoring and Incident
• Response: Establish and maintain continuous monitoring solutions to detect security incidents and vulnerabilities.
• Develop and execute incident response plans in collaboration with relevant teams. 4. SRE Best Practices: Apply SRE principles to enhance system reliability, performance, and availability. Implement and maintain service level objectives (SLOs) and service level indicators (SLIs) for critical services. 5. Security Automation: Develop and maintain security automation scripts and tools to streamline security operations tasks. Integrate security testing tools into the CI/CD pipeline for automated vulnerability scanning. 6.

Collaboration with Development Teams:

• Work closely with software development teams to understand application architecture and provide guidance on secure coding practices.
• Conduct regular security reviews of code and architecture.
• Threat

Modeling:

• Perform threat modeling exercises to identify and address potential security risks in applications and infrastructure.
• Provide recommendations for mitigating identified threats.

1. Security Awareness and Training:

• Promote security awareness and provide training to development and operations teams on secure coding and operational practices.
• Stay informed about the latest security threats and trends.

Qualifications:

• Bachelor s degree in Computer Science, Information Security, or a related field.
• Relevant industry certifications such as CISSP, AWS Certified Security, or Certified Kubernetes Security Specialist (CKS).
• Proven experience in both DevOps and SRE roles, with a focus on security integration.
• Strong knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud Platform) and container orchestration tools (e.g., Kubernetes).
• Proficiency in scripting languages (e.g., Python, Bash) for automation.

Skills:

• Expertise in security best practices and methodologies.
• Hands-on experience with security tools and technologies.
• Strong problem-solving and analytical skills.
• Excellent communication and collaboration skills.