
Foundation AI

DevSecOps Engineer


Job Description

About the Role:

As a DevSecOps Engineer at Foundation AI, you'll lead efforts to enhance security for infrastructure and products. You need technical expertise in identifying and addressing security vulnerabilities, ensuring compliance, and integrating security best practices across the development lifecycle. Your role also involves collaborating with cross-functional teams to embed security throughout the development process.

Responsibilities:

Work Location Commitment: As a DevSecOps Engineer, you are expected to work from our office in Hyderabad. This reflects our preference for in-person collaboration and a commitment to team cohesion.

Rich Industry Experience: You should possess a substantial 3-6 years of experience in DevSecOps and DevOps and should have worked for product-based companies (Startup/Scaleup). This extensive experience underscores your ability to navigate complex DevSecOps challenges effectively.

Infrastructure as Code (IaC) Security: Ensuring that application configurations are secure and compliant with security policies. Performing security checks on infrastructure code (e.g., Terraform, CloudFormation) to ensure that resources are provisioned securely.

Operating System Expertise: Your command over operating systems is particularly vital, with a strong emphasis on Linux. This expertise ensures a solid foundation for managing and optimizing system-level operations.

DevSecOps Methodology: By incorporating security into the DevOps workflow, DevSecOps aims to identify and mitigate security vulnerabilities more effectively, reduce the risk of security breaches, and accelerate the delivery of secure software.

Static Application Security Testing (SAST): Scanning the code for security vulnerabilities using tools like SonarQube, Checkmarx, or Fortify as part of the build process.

Dynamic Application Security Testing (DAST): Conducting security testing on running applications to find vulnerabilities that attackers can exploit. Tools like OWASP ZAP or Burp Suite can be integrated into the pipeline.

Effective Communication and Collaboration: Exceptional communication and collaboration skills are essential. You work closely with cross-functional teams, bridging the gap between development and operations, and ensuring smooth coordination.

Cloud-Native Proficiency: Knowledge of security tools specific to cloud-native environments, such as container security scanners, cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPP).

Understanding Distributed Computing: A solid grasp of Distributed Computing principles is fundamental. It enables you to design and implement systems that can handle complex, distributed workloads effectively.

Coding Prowess: Your coding skills, particularly in Bash Shell Scripting and Python, will play a pivotal role. These skills empower you to automate tasks and develop tools to enhance system reliability and efficiency.

Role:

Assist SDEs and DevOps teams on secure deployment and best practices.

Create a Knowledge base on security vulnerabilities and test cases.

Perform security testing on Web and Mobile assets through a checklist

Work closely with the Product team and SDE/QA to fix vulnerabilities/ issues faced by customers

Perform red team and phishing exercises to improve security posture

Assist/ mentor teammates on security test cases and day-to-day activities

Work on incident management and third-party security reports

Initiate and improve responsible disclosure/ Bug bounty program

Brown bag sessions and presentations to the tech team on security best practices and improvements

Work closely with business stakeholders and influence the security policy of the org

Good to have but not mandatory:

AWS Security Speciality/ CEH/ OSCP/ CISSP/ CRTP/ CKA/ CKSS

Working knowledge of Kubernetes, and AWS architecture.

Worked with CSPM tools like Pingsafe/Wiz.

Comfortable implementing open-source security tools in the CI/CD pipeline.

Qualifications:

Experience of 3-6 years.

Minimum 1-2 years of experience in product security

You are a hands-on engineer who leads by doing.

Strong knowledge of OWASP Vulnerabilities.

Working knowledge of WAF rules to protect from DoS/DDoS attacks

Strong knowledge of SCA, SAST & DAST tools and their integration

Working knowledge of Git, Ansible, Kubernetes, Burp Suite

Understanding of AWS and Azure services.

Experience building CI/CD pipelines for container security.

Familiarity with Linux and Windows operating systems.

Education: A BTech degree in Computer Science or equivalent experience relevant to the functional area.

Interview Process:

Application Review: Your application will be thoroughly reviewed by our hiring team to assess your qualifications and experience.

Technical Interview: If shortlisted, you will have a technical interview & assessment to evaluate your technical skills and problem-solving abilities.

Technical Interview & Assessment: You will have a technical interview & assessment to evaluate your technical skills and problem-solving abilities.

On-Site Interview: Depending on the circumstances, an on-site interview might be conducted further to assess your fit for the role and team culture. This may include a case study or presentation.

Interview: A final interview with senior leadership to discuss your background, accomplishments, and alignment with Foundation AI's goals and values.

Offer: Successful candidates will receive a formal proposal outlining compensation, benefits, and other details.

Our Commitment:

At Foundation AI, we are committed to creating an inclusive and diverse workplace. We value equal opportunity and affirmative action principles, giving everyone an equal chance to succeed. We are dedicated to offering equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. Upholding these values and adhering to applicable laws is paramount to us. For any feedback or inquiries, please contact us at [Confidential Information].

Learn more about us at www.foundationai.com

More Info

Industry: Other

Function: Technology

Job Type: Permanent Job


Date Posted: 29/05/2024

Job ID: 80285971

Last Updated: 15-11-2024 00:43:29 PM