DevSecops

My client is India's largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming crypto, image editing and learning space.
 

Title: DevSecops

Responsibilities:

• Build a Culture around Security Engineering and Ensure that a healthy security posture is maintained by continuously assessing/monitoring perimeter as well as internal security posture.
• Identify, integrate, monitor, and improve InfoSec controls by understanding business processes.
• Drive a DevSecOps culture in the organization by implementing a shift left security culture.
• Conduct security reviews, auditing, penetration testing, risk assessments, vulnerability assessments, and threat modeling.
• Install, configure, manage, and maintain mission-critical enterprise applications such as AV, patching, SIEM, DLP, log management, and other technical controls. Troubleshoot security system and related issues.
• Improve Cloud, Application, Kafka, Database security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud.
• Run security automation tools for periodic scans - SAST, DAST, Infrastructure scanning, Compliance check
• Adhere to OWASP guidelines and bring the OWASP maturity model to the organization level.

Requirements:

• Strong understanding of network concepts including TCP/IP, HTTP and TLS, DDoS detection/prevention, and network and host anomaly detection through both automated (NIDS/HIDS) and manual means.
• A good knack for automating infrastructure security as much as possible.
• Need to have a professional experience of at least 3-4 years acquired in monitoring and improving DevSec Ops tools and processes.
• Extensive knowledge in assurance tools such as BurpSuite, WebInspect, Fortify, OWASP ZAP, Sonarqube, and Open source automation tools, and their integrations into CI/CD cycles.
• Understanding of Zero Trust policy and its implementation.
• Identify security weaknesses across multiple programming languages like Python, Node JS, Java, Go, Javascript, HTML, etc
• Participate in incident handling and other related duties to support the information security function.
• Ability to drive security automation and DevSecOps within the engineering life cycle, as well as vulnerability/bug remediation.
• Ability to perform security assessments for web applications and mobile apps - Android/iOS.
• Proficient in any one programming language (e. g. Python, JavaScript, etc. ) and Git workflows.
• Good to have audit experience across compliance certifications like ISO 27001/ISMS/PCI DSS / SoC 2
• Experience in Kubernetes Infra, Cloud deployment technologies - AWS, GCP.

Place of work