TheSenior Cloud DevSecOps Engineer will be working on leading and implementing the security strategy governing the application and cloud-based platform infrastructure. You will work with other infrastructure, DevSecOps and application engineers to understand product and business needs, provide expertise around application and cloud service development, as well as define and own clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities and other attack vectors.
Job Responsibilities
- Collaborating with other Cloud CoE teams and stakeholders from Business Lines
- Build and maintain an cloud platform infrastructure architecture aligning security, compliance, performance and resilience
- Defining and maintaining the CI/CD pipeline on multiple platforms with security plugins integration
- Provide expertise and best practices for implementing cloud security (internal) and product security (external)
- Guiding and mentoring other team members on Technical topics around SecOps
- Assess architectures and designs for security vulnerabilities and suggest and implement proper alternatives
- Oversee the management and remediation of identified security flaws within our development platforms
- Building and maintaining monitoring, auditing, and reporting frameworks that produces artifacts that support security and compliance needs
- Building and maintaining a set of tools that enable developers to self-serve for most operational tasks
- Developing processes that produce artifacts that support security and compliance requirements
Job Profile:
- 10+ years of experience of IT experience.
- Expert level knowledge on cloud foundational services around connectivity, networking, IAM and security (either AWS/Azure) - cloud native preferred.
- Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
- Significant knowledge of AWS/Azure foundational (security) services around EC2, IAM, CloudWatch, CloudTrail, Config, Lambda, Security Groups, VPCs, WAF, Guard Duty, Inspector, AWS Security Hub, Azure Security Center etc.
- Experience on DevOps with large scale CI/CD implementation using IaC tools - Cloud Formation Template, Terraform on Azure, Azure DevOps, ARM Templates, AWS Code Build, Code Pipeline etc(integration with security plugins) and container orchestration technologies - Docker, Kubernetes, Mesos (nice to have)
- Experience with setting up and maintaining always available CI/CD pipeline with strong knowledge of toolchain (cloud native preferred) for build and dependency management tools, Static analysis tools, automation tools, configuration management and provisioning tools, Sonar Qube, Black Duck, JaCoCo, Jenkins, TeamCity, Atlassian Tools, Artifactory, Nexus etc.
- Experience with cloud-based security management/IDS/IPS/SIEM tools, such as Splunk, Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, etc.
- Programming or scripting experience with a popular modern language utilized by above tools (Java, Python, Ruby, etc.).
- Experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
- Experience in performing security vulnerability assessments, good familiarity with regulations and standards like Security, PCI and Data Privacy
- Bachelor's degree or higher in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience
- 4+ years of experience with Security Best Practices, implementing enterprise-grade security solutions
- 3+ years of experience with AWS development and management (AWS Associate certification or higher preferred)
- 2+ years of experience writing code or scripts in a modern programming or scripting language (Java, Python, Ruby, etc.).
- One or more recognized security and cloud specific certifications, e.g., CCSP, SSCP, CISSP, CCSK
- Self-motivated, proactive, driven individual
- Strong interpersonal, oral, and written communication skills
- Ability to work independently and in group environments
#LI-7013
