DevSecOps Engineer

Optimiza is in search of a talented DevSecOps Engineer to join our forward-thinking team. This role combines development, security, and operations, focusing on integrating security practices into every phase of the software development lifecycle. If you are passionate about innovative security solutions and enhancing operational efficiencies, we would love to have you on board!

Key Responsibilities:

• Build DevSecOps roadmap and planning to achieve
• Implement and evolve “best practice” security standards for the management and security of cloud/On prem DevOps infrastructure.
• Maintaining an accurate and up-to-date inventory of cloud/DevOps assets, accounts and controls
• Develop and enforce security policies, standards, and best practices for cloud-based and on-premises infrastructure.
• Perform regular security assessments, including code reviews, vulnerability scans to ensure the security of applications and infrastructure.
• Work with development teams to ensure secure coding practices and compliance with security standards.
• Lead efforts to secure Kubernetes clusters and containerized environments.
• Analyze and harden existing infrastructure, observability capabilities along Development/Security/Operation processes.
• Cooperate with the development team to understand requirements and propose infrastructure architecture.
• Design and automate infrastructure deployment through IaC.
• Implement and maintain security tools, processes, and best practices to ensure the confidentiality, integrity, and availability of our applications and infrastructure.
• Follow changes to security policies, procedures, and guidelines to ensure compliance with internal standards.
• Participate in incident response and post-mortem analysis to identify root causes and implement corrective actions for cloud/on prem DevOps platforms
• Design and implement security measures within CI/CD pipelines to ensure that security is integrated throughout the software development lifecycle.
• Work with development teams to ensure secure coding practices are followed and security issues are remediated.
• Collaborate with SOC and security teams to integrate security monitoring with the infrastructure.
• Ensure that all DevOps processes and practices comply with relevant regulatory and compliance requirements
• Maintain documentation and evidence for audits and assessments related to DevSecOps practices.
• Implement automated security compliance checks within CI/CD pipelines to enforce security policies.
• Work closely with development, operations, and security teams to foster a culture of security within the DevOps process.
• Continuously evaluate and improve DevSecOps processes, tools, and practices to enhance security and efficiency
• Conduct threat modeling with the development team to identify, prioritize, and mitigate potential security risks.
• Assess and remediate security vulnerabilities across development, staging, and production environments.
• Manage security tools (e.g., static/dynamic application security testing, SAST/DAST) and ensure such tools are properly integrated into the CI/CD
• integrate new security technologies and methodologies into the DevOps process.

Requirements

• A Bachelor’s degree in Computer Science, Cybersecurity, or a related discipline.
• Over 5 years of experience in DevOps or security engineering positions.
• In-depth knowledge of security frameworks and best practices, including the OWASP Top Ten, NIST, and ISO 27001.
• Experience in cloud security (AWS, Azure, or Google Cloud) and the implementation of security controls.
• Proficient in scripting languages like Python and Bash for automating security tasks.
• Practical experience with vulnerability management and penetration testing tools such as Nessus and Burp Suite.
• Familiarity with container security technologies and methodologies, including Docker and Kubernetes security.
• Comprehensive understanding of network security, application security, and techniques for system hardening.
• Substantial experience in DevOps or a related field, emphasizing security.
• Proven experience with CI/CD tools such as Jenkins, GitLab CI, and CircleCI, as well as cloud platforms like AWS, Azure, and GCP.
• Experience utilizing automation tools and scripting languages, particularly Python and Bash.
• Possession of relevant certifications, including AWS Certified DevOps Engineer, Certified DevSecOps Professional, or other related credentials in DevSecOps.
• Strong grasp of security principles, secure coding practices, and prevalent security vulnerabilities.
• Exceptional analytical and problem-solving abilities, with a proactive stance towards addressing security challenges.
• Certifications such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), are highly sought after.

Benefits

• Class A Health Insurance