DevSecOps
Job Description:
We are looking for a DevSecOps Engineer to join our IT team and help us secure and optimize our web-based systems. You will be responsible for implementing and maintaining security best practices and standards across our WordPress website, our .NET/MSSQL information system and our JavaScript Full-stack applications. You will also collaborate with developers and operations teams to automate and streamline the development, testing and deployment processes using various tools and technologies.
To be successful in this role, you should have a strong background in web development, cloud computing and cybersecurity. You should also have experience with various DevSecOps tools and technologies, such as Jenkins, GitHub Actions, Gitlab, Ansible, Docker, Kubernetes, AWS/OCI, Git, SonarQube, OWASP, etc. You should be able to work independently and as part of a team to solve security issues and improve performance and efficiency.
Responsibilities
Develop and implement security policies, standards and procedures for our web-based systems, following industry best practices and regulations
Perform regular security assessments and audits of our web-based systems to identify and remediate vulnerabilities and risks
Monitor and analyze security logs and alerts from various sources, such as servers, network devices, applications and cloud services, to detect and respond to security incidents.
Implement and maintain security controls and solutions, such as firewalls, antivirus, encryption, VPN, SIEM, IDS/IPS, etc., to protect our data and systems from unauthorized access, modification or destruction
Develop and maintain CICD pipelines and scripts to automate and integrate the development, testing and deployment processes, using tools such as Jenkins, GitHub Actions, Gitlab, Ansible, Docker, Kubernetes, AWS/OCI, Git, etc.
Test, select and implement technologies, tools and methods to improve the performance, reliability and scalability of our web-based systems.
Educate and train users and IT staff on security awareness and best practices
Research and stay updated on the latest security trends, threats and technologies
Qualifications
Bachelor's degree in computer science, information security or related field, or equivalent work experience
3+ years of experience in web development, cloud computing and cybersecurity
Knowledge and experience with web development technologies and frameworks, such as WordPress, PHP, .NET, MSSQL, MySQL, JavaScript, HTML, CSS, etc.
Knowledge and experience with DevSecOps tools and technologies, such as Jenkins, GitHub Actions, Gitlab, Ansible, Docker, Kubernetes, AWS/Azure, Git, SonarQube, OWASP, etc.
Knowledge and experience with security frameworks and standards, such as NCA, NIST, ISO, PCI, HIPAA, etc.
Knowledge and experience with security testing and analysis tools, such as Nmap, Metasploit, Wireshark, Burp Suite, etc.
Knowledge and experience with scripting languages, such as Python, PowerShell, Bash, etc.
Excellent communication, problem-solving and analytical skills
Certification in security, such as CISSP, CEH, CISM, etc., is a plus