1. Advanced Technical Skills
- DevOps & CI/CD Tools Mastery:
  - Expertise in Jenkins, GitLab CI, CircleCI, Travis CI, or similar tools for automating build and deployment pipelines.
  - Advanced knowledge of Docker, Kubernetes, Helm, and ECS for containerization, orchestration, and managing microservices.
  - Proficiency in Infrastructure as Code (IaC) tools like Terraform, CloudFormation, Pulumi, and Ansible for automating infrastructure provisioning and configuration management.
- Security Automation Tools:
  - Hands-on experience with advanced security tools such as Mend (WhiteSource), SonarQube, Aqua Security, Snyk, OWASP ZAP, Qualys, and Tenable for vulnerability scanning and code security.
- Cloud Security Expertise:
  - Strong experience securing cloud infrastructure using AWS, Google Cloud Platform (GCP), Huawei, and Azure, with a focus on identity and access management (IAM), encryption, and network security.
  - Familiarity with cloud-native security services such as AWS Security Hub, Google Cloud Security Command Center, or Azure Security Center.
- Advanced Programming/Scripting Skills:
  - Proficiency in programming and scripting languages such as Python, Go, Ruby, Bash, or Java to automate security tasks, write custom scripts, and build security tools.
- Container Security:
  - Expertise in securing containerized applications and platforms (e.g. Docker, Kubernetes, OpenShift), including image scanning, runtime security, and secure orchestration.
- Compliance and Risk Management:
  - Deep understanding of regulatory requirements and frameworks like GDPR, HIPAA, PCI DSS, SOC 2, and ISO 27001, and how to integrate compliance automation into the DevOps pipeline.
  - Experience implementing security and compliance controls across infrastructure and applications.
2. Advanced Security Expertise
- Threat Modeling & Risk Assessment:
  - Ability to lead threat modeling sessions and risk assessments for applications, infrastructure, and cloud environments.
  - Skilled in identifying and addressing security risks in software development, deployment pipelines, and operational environments.
- Security Testing & Code Analysis:
  - Expert in integrating SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), and RASP (Runtime Application Self-Protection) into CI/CD pipelines.
  - Lead and guide automated and manual security testing across the entire development lifecycle.
- Incident Response & Forensics:
  - Strong experience in leading security incident response, including investigation, triage, and remediation of security breaches.
  - Knowledge of digital forensics and post-incident analysis.
- Security Architecture Design:
  - Ability to design secure architectures for applications and infrastructure, considering threats, compliance, and secure coding practices.
  - Proficient in designing secure microservices, APIs, and serverless applications.
3. Leadership & Collaboration
- Team Leadership:
  - Lead and mentor junior and mid-level DevSecOps engineers, providing guidance on best practices for security automation and DevOps processes.
  - Foster a security-first culture within development and operations teams.
- Cross-functional Collaboration:
  - Work closely with development, security, and operations teams to ensure security practices are embedded in every stage of the software development lifecycle (SDLC).
  - Act as a bridge between security teams and DevOps teams to ensure a seamless integration of security and operations.
- Stakeholder Communication:
  - Ability to communicate complex security concepts to non-technical stakeholders, executives, and teams, including risk assessments, recommendations, and mitigation strategies.
  - Regularly report on security posture, vulnerabilities, and the status of security initiatives to leadership.
4. Strategic & Operational Skills
- DevSecOps Strategy & Roadmap:
  - Define and execute the organization's DevSecOps strategy, aligning with business goals and ensuring robust security practices in the CI/CD pipeline.
  - Drive continuous improvement of DevSecOps practices, including automation, policy enforcement, and threat mitigation.
- Change Management & Process Improvement:
  - Lead efforts to improve development and operational processes, ensuring that security is part of the continuous integration and delivery process.
  - Contribute to the development of best practices and standards for secure DevOps practices.
- Vulnerability Management & Remediation:
  - Lead the vulnerability management program from discovery to remediation, ensuring that security issues are prioritized based on risk and business impact.
  - Implement automated tools for vulnerability scanning and remediation across the pipeline.
5. Experience & Education
- Work Experience:
  - 5-8 years of experience in DevOps, security engineering, or related fields, with at least 3 years of experience in a senior or lead role in a DevSecOps or security engineering capacity.
- Security Certifications:
  - Certifications in security or cloud services are highly valued, such as:
    - Certified DevSecOps Professional (CDP)
    - Certified Information Systems Security Professional (CISSP)
    - Certified Cloud Security Professional (CCSP)
    - Certified Ethical Hacker (CEH)
    - AWS Certified Security - Specialty, Azure Security Engineer, or Google Cloud Security Engineer.
- Cloud & DevOps Certifications:
  - Cloud certifications such as AWS Certified DevOps Engineer, Google Cloud Professional DevOps Engineer, or Microsoft Azure DevOps Engineer are highly desirable.
6. Desirable Additional Skills
- Serverless & Microservices Security:
  - Experience with securing serverless architectures (e.g. AWS Lambda, Azure Functions) and securing microservices APIs.
- SIEM & Monitoring:
  - Experience with Security Information and Event Management (SIEM) tools such as Splunk, ELK Stack, QRadar, or Datadog for detecting and responding to security incidents.
- Advanced Networking and Firewalls:
  - In-depth knowledge of networking, firewalls, and securing communications in cloud and on-prem environments.
7. Soft Skills
- Problem-Solving:
  - Strong analytical and troubleshooting skills to address complex security issues in a fast-paced environment.
- Collaboration & Communication:
  - Excellent communication skills for interacting with cross-functional teams, executives, and external stakeholders.
- Adaptability:
  - Ability to keep up with the ever-evolving security landscape and adapt practices and tools as necessary.

A Senior DevSecOps Engineer plays a crucial role in implementing, maintaining, and evolving the security aspects of development and operations practices. They are expected to possess not only strong technical skills but also the ability to lead initiatives, mentor teams, and influence security culture across the organization.