Job Openings Architect - DevSecOps

About the job Architect - DevSecOps

Advanced Technical Skills

  • DevOps & CI/CD Tools Mastery:
    • Expertise in Jenkins, GitLab CI, CircleCI, Travis CI, or similar tools for automating build and deployment pipelines.
    • Advanced knowledge of Docker, Kubernetes, Helm, and ECS for containerization, orchestration, and managing microservices.
    • Proficiency in Infrastructure as Code (IaC) tools like Terraform, CloudFormation, Pulumi, and Ansible for automating infrastructure provisioning and configuration management.
  • Security Automation Tools:
    • Hands-on experience with advanced security tools such as Mend.io (White Source), SonarQube, Aqua Security, Snyk, OWASP ZAP, Qualys, and Tenable for vulnerability scanning and code security.
  • Cloud Security Expertise:
    • Strong experience securing cloud infrastructure using AWS, Google Cloud Platform (GCP), Huawei and Azure, with a focus on identity and access management (IAM), encryption, and network security.
    • Familiarity with cloud-native security services such as AWS Security Hub, Google Cloud Security Command Center, or Azure Security Center.
  • Advanced Programming/Scripting Skills:
    • Proficiency in programming and scripting languages such as Python, Go, Ruby, Bash, or Java to automate security tasks, write custom scripts, and build security tools.
  • Container Security:
    • Expertise in securing containerized applications and platforms (e.g., Docker, Kubernetes, OpenShift), including image scanning, runtime security, and secure orchestration.
  • Compliance and Risk Management:
    • Deep understanding of regulatory requirements and frameworks like GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, and how to integrate compliance automation in the DevOps pipeline.
    • Experience implementing security and compliance controls across infrastructure and applications.

2. Advanced Security Expertise

  • Threat Modeling & Risk Assessment:
    • Ability to lead threat modeling sessions and risk assessments for applications, infrastructure, and cloud environments.
    • Skilled in identifying and addressing security risks in software development, deployment pipelines, and operational environments.
  • Security Testing & Code Analysis:
    • Expert in integrating SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), and RASP (Runtime Application Self Protection) into CI/CD pipelines.
    • Lead and guide automated and manual security testing across the entire development lifecycle.
  • Incident Response & Forensics:
    • Strong experience in leading security incident response, including investigation, triage, and remediation of security breaches.
    • Knowledge of digital forensics and post-incident analysis.
  • Security Architecture Design:
    • Ability to design secure architectures for applications and infrastructure, considering threats, compliance, and secure coding practices.
    • Proficient in designing secure microservices, APIs, and serverless applications.

3. Leadership & Collaboration

  • Team Leadership:
    • Lead and mentor junior and mid-level DevSecOps engineers, providing guidance on best practices for security, automation, and DevOps processes.
    • Foster a security-first culture within development and operations teams.
  • Cross-functional Collaboration:
    • Work closely with development teams, security teams, and operations teams to ensure security practices are embedded in every stage of the software development lifecycle (SDLC).
    • Act as a bridge between security teams and DevOps teams to ensure a seamless integration of security and operations.
  • Stakeholder Communication:
    • Ability to communicate complex security concepts to non-technical stakeholders, executives, and teams, including risk assessments, recommendations, and mitigation strategies.
    • Regularly report on security posture, vulnerabilities, and the status of security initiatives to leadership.

4. Strategic & Operational Skills

  • DevSecOps Strategy & Roadmap:
    • Define and execute the organization's DevSecOps strategy, aligning with business goals and ensuring robust security practices in the CI/CD pipeline.
    • Drive continuous improvement of DevSecOps practices, including automation, policy enforcement, and threat mitigation.
  • Change Management & Process Improvement:
    • Lead efforts to improve development and operational processes, ensuring that security is part of the continuous integration and delivery process.
    • Contribute to the development of best practices and standards for secure DevOps practices.
  • Vulnerability Management & Remediation:
    • Lead the vulnerability management program, from discovery to remediation, ensuring that security issues are prioritized based on risk and business impact.
    • Implement automated tools for vulnerability scanning and remediation across the pipeline.

5. Experience & Education

  • Work Experience:
    • 5-8+ years of experience in DevOps, security engineering, or related fields, with at least 3 years of experience in a senior or lead role in a DevSecOps or security engineering capacity.
  • Security Certifications:
    • Certifications in security or cloud services are highly valued, such as:
      • Certified DevSecOps Professional (CDP)
      • Certified Information Systems Security Professional (CISSP)
      • Certified Cloud Security Professional (CCSP)
      • Certified Ethical Hacker (CEH)
      • AWS Certified Security Specialty, Azure Security Engineer, or Google Cloud Security Engineer.
  • Cloud & DevOps Certifications:
    • Cloud certifications, such as AWS Certified DevOps Engineer, Google Cloud Professional DevOps Engineer, or Microsoft Azure DevOps Engineer, are highly desirable.

6. Desirable Additional Skills

  • Serverless & Microservices Security:
    • Experience with securing serverless architectures (e.g., AWS Lambda, Azure Functions) and securing microservices APIs.
  • SIEM & Monitoring:
    • Experience with Security Information and Event Management (SIEM) tools such as Splunk, ELK Stack, QRadar, or Datadog for detecting and responding to security incidents.
  • Advanced Networking and Firewalls:
    • In-depth knowledge of networking, firewalls, and securing communications in cloud and on-prem environments.

Soft Skills

  • Problem-Solving:
    • Strong analytical and troubleshooting skills to address complex security issues in a fast-paced environment.
  • Collaboration & Communication:
    • Excellent communication skills for interacting with cross-functional teams, executives, and external stakeholders.
  • Adaptability:
    • Ability to keep up with the ever-evolving security landscape and adapt practices and tools as necessary.

A Senior DevSecOps Engineer plays a crucial role in implementing, maintaining, and evolving the security aspects of development and operations practices. They are expected to possess not only strong technical skills but also the ability to lead initiatives, mentor teams, and influence security culture across the organization.


Or refer someone