DevSecOps Engineer

Responsibilities:

• Daily focus on improving our security and working to resolve any issues highlighted by external partners in delivery or support of software we supply.
• Daily management, optimisation and troubleshooting of security in our CICD pipelines.
• Improve and manage security in our Kubernetes environment.
• Assist with any Kubernetes requirements where possible.
• Support of stakeholders and business with any other security requirements.
• Work with the DevOps team to architect, deploy, manage, optimise, secure and monitor all the company's infrastructure and software.
• Assist the software engineers with their software security and CICD pipelines.

Experience Required:

• Prior experience (3-5 years) in a Software Engineering or related position.
• Cross functional programming languages such as: PHP (Laravel), Java, Bash, Python, NodeJs, Go, etc.
• Security Tools: Tenable, NMAP, Sonarqube, Nessus etc.
• Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
• Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
• Deep and broad understanding of Amazon Web Services.
• Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes.
• Ability to review and analyse vulnerability data to identify security risks to the organisation's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives.
• Familiar with full software stack, mostly open source, including but not limited to: Kubernetes, Docker, Nginx, RabbitMQ, Kafka, HAProxy, Redis, Memcached, Varnish, ElasticSearch, MySQL, Redshift, Athena and Linux etc.
• Familiarity with API Security, Container Security, AWS Cloud Security.
• Networking: Firewall/IPTables/pfSense/Networking/VPC/VPN.
• DevOps Automation: Terraform, Ansible, Chef Git(GitLab), Jenkins. And ability to work with APIs and plugins to integrate security tools into established CI/CD pipelines.
• Device testing automation:
• Appium, robot framework etc
• Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.