Role: SecOps Engineer
Location: Remote
Please share with below skill matrix.
· SecOps automation: How many years exclusive exp?
· Have you worked as part of Infosec team or security automation team?
· What are the security products do you have experience?
· sonarcube, veracode, akamai
· What is the scripting, programming languages do you have experience?
· python, SQL, shell à
· Experience on leveraging security tools API’s?
Job Description -
We are seeking a skilled and experienced SecOps Engineer. The ideal candidate will have a strong background in DevSecOps practices, including the integration of security tools within CI/CD pipelines.
A programming background and familiarity with AWS are highly desirable.
SecOps Automation: (Any of strong experience on below 2 or 3 skills)
· Developing Security Framework and integrating in CI/CD lifecycle
· Security areas -- Security baselines rules, for code, for infrastructure...
· SAST, DAST, IAST (Mandatory)
· *** synk
· Vercode
· Checkmarx
· Prisma cloud
· Fortify
· burpsuite
· qualys
· appscan
· Setting up these tools, automating the processes
· Understanding on leveraging security tool API's
Certifications – (Nice to Have)
· Offensive Security Certified Professional (OSCP)
· Offensive Security Wireless Professional (OSWP)
· Certified Ethical Hacker (CEH)
· EC-Council Certified Security Analyst (ECSA)
· Certified Secure Software Lifecycle Professional (CSSLP)
· QualysGuard Certified
· Appscan Certified
Key Responsibilities:
· Integrate Security Tools: Develop and implement security tools and practices into our CI/CD pipelines to ensure secure software development and deployment.
· Automation: Automate security testing and monitoring within the CI/CD pipelines to detect vulnerabilities early in the development cycle.
· Collaboration: Work closely with development, operations, and security teams to ensure seamless integration and adoption of security practices.
· Security Assessments: Conduct regular security assessments and audits to identify and mitigate potential security risks.
· Incident Response: Assist in the development and implementation of incident response plans and procedures.
· Continuous Improvement: Stay up to date with the latest security trends, tools, and best practices to continuously improve our security posture.
· Documentation: Maintain comprehensive documentation of security processes, tools, and procedures.
Qualifications:
· Experience: Proven experience in DevSecOps and the integration of security tools within CI/CD pipelines.
· Technical Skills:
o Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI, etc.).
o Experience with security tools such as SAST, DAST, vulnerability scanners, and more.
o Strong programming skills in languages such as Python, Java, or similar.
o Hands-on experience with AWS and its security services.
· Knowledge: In-depth understanding of security principles, DevOps practices, and cloud security.