- Provide security techniques and expertise to ensure the infrastructure and software services meet specific customer security requirements/certifications
- Collaborate with members of the team and product owners to solve operational issues and develop enhancements such as automation.
- Ensure applications stay compliant by integrating application and DevSecOps processes and CI/CD pipelines from early stages of the lifecycle.
- Collaborate with team members on continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes.
- Understand technical and business requirements to develop tactical and strategic roadmaps to address and implement Secure SDLC controls (Data Privacy, SAST, DAST, etc.).
- Bachelor's degree in information security, computer science.
- Experience working in an Agile, DevOps/SecDevOps environment.
- Experience working in a software engineering role.
- Experience working in a Security role handling on-premises and cloud infrastructures.
- Experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments.
- Experience with Authentication and Authorization solutions.
- Experience with static code analysis for software or infrastructure as code, including SonarQube, Terraform.
- Experience with vulnerability scanners, including Tenable Nessus, Qualys, ...
- Understanding of secure software development practices - AppSec - Security and/or regulatory experience desired, OWASP Top 10 and Web Application Security, Mobile Application Security, API Security.
- Good knowledge of threat modeling, risk assessment techniques, code reviews, and the latest security best practices.
- Require good knowledge of CI/CD tools - Knowledge of GitLab CI/CD, Selenoid, JMeter, SoapUI, JUnit
- Require good knowledge of automatic configuration management tools - Knowledge of Ansible, Terraform
- Require good knowledge of automated security tools - SAST, SCA, DAST, IAST
- Good knowledge of containers and orchestration platforms. Need to know how to create, build, deploy and manage containers in development and production environments - Docker, Kubernetes.
- Patterns/Principles - Blue/Green Deployment, Canary Release, Feature Flipping
- IDE: Eclipse, Visual Studio
- Public Cloud services knowledge: AWS, DigitalOcean.
- Knowledge of Logging & Monitoring tools: ELK, Grafana, Datadog, Prometheus.
- Experience in developing integration APIs and WebServices (REST/SOAP), API Development
- Knowledge of API Security