About the job: DevSecOps Engineer
About Our Client:
Our client is the World's First Immersive Publishing Studio that helps developers and content producers expand reality to the mediums beyond tangibility.
It provides the following services:
SPACES: Virtual Reality | Augmented Reality | Mixed Reality
CONTENTS: Games | Movies | Apps | Experiences
PLATFORMS: Oculus | Vive | Google Play | PSVR
What We're Looking For:
- Lead the effort to embed security considerations at every stage of the development and deployment process.
- Ensure that security policies and practices are prioritized and enforced throughout the DevOps lifecycle.
- Ensure SaC and CaC are implemented in the DevOps process.
- Implement automated security testing in CI/CD pipelines, including SAST, DAST, SCA and SBOM.
- Implement IAST and RASP for each application.
- Customize and configure SAST tools to meet the specific needs of various projects and programming languages used within the organization.
- Leverage Abstract Syntax Trees (AST) for deeper analysis of code structures and implement custom rules and scripts to identify complex security issues using AST.
- Implement and manage GCP Organization Policies for governance and compliance.
- Completely manage CIEM, CSPM, DSPM, CWPP, KSPM, CNAPP and APM.
- Oversee the configuration and management of Cloudflare services, including CDN, WAF, DDoS protection, and SSL/TLS certificates.
- Develop and implement security strategies and protocols using Cloudflare's suite of products to protect web applications and infrastructure.
- Design, implement, and maintain secure IaC configurations across various cloud environments (AWS, Azure, GCP).
- Ensure cloud environments comply with industry standards and regulatory requirements such as GDPR, HIPAA, PCI-DSS, and SOC 2.
- Proficiency in scripting languages (e.g., Python, Bash) and experience with automation tools (e.g., Terraform, CloudFormation).
- Design secure infrastructure diagrams using a hybrid approach of cloud and on-prem to improve security.
- Secure Docker containers by managing image scanning, runtime protection, and best practices for container hardening.
Requirements:
- Bachelor's/Master's in IT/CS/SE.
- Minimum 3+ years of experience in SecDevOps/DevSecOps.
- Ability to understand and integrate the shift-left security approach into each step of the DevOps process.
- Strong understanding of Continuous Integration, Delivery, Deployment, Monitoring and Improvement across multiple cloud service providers (AWS, Azure, GCP, etc.).
- Strong understanding of DevSecOps maturity models (i.e., DSOMM).
- Maintain comprehensive documentation of security architectures, processes, and incident reports, ensuring transparency and accountability.
- Experience with end-to-end fully-automated CI/CD pipelines, from code commits to production.
- Deep understanding of security controls for cloud environments, including identity and access management (IAM), network security, and data protection.
- Great understanding of threat modeling and the cloud responsibility matrix.
- Excellent written and verbal communication skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to identify and address complex security issues.
- High attention to detail and a commitment to maintaining the highest standards of security and quality.
- Certifications (i.e., ECDE, CDP, CDE) are preferred but not required.
Other Details:
Experience: 3+ years
Work Timings: 9:30 am - 6:30 pm
Work Days: Monday - Friday
Work Mode: Onsite
Location: DHA Phase 6, Lahore
About HR Ways:
HR Ways is a technical recruitment firm helping software houses and IT product companies, internationally and locally, to find IT talent. HR Ways is engaged by 150+ employers, ranging from the world's biggest SaaS companies to the most competitive startups. Find out more at www.hrways.co