DevSecOps Tech Lead

Role: DevSecOps Technical lead

Experience: 5-8 Years

Location: Mumbai & Bangalore ( 1st Preference), Pune (2nd Preference)

Notice Period: Immediate Joiners Preferreed

Education/Certification: Engineering or B.E / BCS (Computers/Electronics and telecommunications)

Technical Certifications are desirable.

Mandatory Skills:

Experience in leading DevOps or DevSecOps initiatives

Skilled in designing and implementing DevOps and DevSecOps practices into the software delivery process, embedding security into delivery pipelines, and instituting governance

Strong experience in defining strategies for security and implementing them

A strong understanding of code quality controls, Infrastructure as a code, SAST, DAST and secure SDLC, infrastructure security in the cloud (multi-Cloud) environment

Strong experience in integrating security tools (SAST, DAST, SCA) like Veracode, Coverity, and Black Duck in CICD pipeline

Strong Experience in SecOps and should know how to implement DevSecOps within CI/CD pipeline.

Experience/comfortable with Agile/scrum development processes and methodologies

Experience in vulnerability management, patching automation

Experience with containerized environments and micro-services (i.e. Docker & K8S)

Experience in Docker image security scanning

Experience in cloud native CI/CD and DevOps solutions (Code build, Code deploy, etc.)

Support security teams in security reviews: Threat modeling, Application code (in-house) & dependencies (libraries, packages, etc.), Authentication & authorization flows, Application configuration, Data privacy (encryption, anonymization).

Experience building and maintaining infrastructure, tools, and services to improve delivery and availability

Experience with CI/CD tools such as Jenkins, Gitlab, Nexus, JFrog Artifactory

Experience with configuration automation tools (Puppet, Ansible, Chef, Salt).

Experience with operating system internals, file systems, diskstorage, and networking protocols.

Possesses good working knowledge of scripting like Bash, Shell, Powershell, etc.

Strong debugging skills Desired skills:

Strong experience with Linux-based infrastructures, Linux/Unix administration

Working knowledge on application development architectures and design patterns, and web and mobile deployment methodologies and technologies

Experience with interfacing to IoT, hardware devices, or home automation products

Experience in healthcare or medical devices

Working knowledge of databases and SQL

Proficiency in documenting processes and monitoring performance metrics.

Experience with monitoring tools like Prometheus, Grafana, Dynatrace, New Relic etc.,

Advanced knowledge of best practices related to data encryption, certificate management, and cybersecurity.

Collaborate with the security team to implement and verify secure coding techniques and integrate code security tools for Continuous Integration.

Scanning repositories for security vulnerabilities using tools i.e. Veracode, Coverity, Black Duck, early threat modeling, and Security design reviews

Manage comprehensive vulnerability management systems across all assets on-premises and in the cloud

Providing cybersecurity advisory and support during the development stages of software systems, networks

Proactively implement security measures and controls within organizations, weighing the consequences of any action

Protects system by defining access privileges, control structures, and resources

Recognizes problems by identifying abnormalities, reporting violations

Implements security improvements by assessing current situation; evaluating trends; anticipating requirements

Contribute to efficient development process pipeline by leveraging best-in-class CICD tools.

Work alongside development teams to deploy, monitor, and troubleshoot application deployments

Proactively improve site reliability and key metrics, such as up-time, application performance, time to issue resolution, time spent resolving incidents, and other key operational SLAs

Build tools and employ automation to manage, standardize, and accelerate processes

Implement infrastructure, build, scaling, and project automation

Coordinate with other platform teams as part of cross-functional teams like security, IT, other Dev teams

Interested candidates can share their updated CV to [Confidential Information]