Devsecops - Cicd Pipeline / Jenkins / Cloud @ Nexwave Talent

Job Description

o Understand, manage and be compliant with the Service Level Agreements defined for the DevSecOps services.

o Deep knowledge of application security engineering principles and help clients development team to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes.

o Manages and mentors teams working with multiple stakeholders.

o Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions

o Generate innovative ideas and challenge the status quo

o Build and nurture positive working relationships with clients with the intention to exceed client expectations

o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management, and reliability of the service.

o Well versed with the application deployment and configuration baselines and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations.

o Work with application owners, IT, developers, and project teams on targeted penetration tests of the whole application stack from network to application and processes.

o Understand clients' business environment and basic risk management approaches

o Provides subject matter advice to clients development team and helping the team to fix issues at the code level based on the priority of the tickets.

o Be a liaison between the Application development and infrastructure team and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes.

o Identifying, researching, and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and

o Performing active monitoring and tracking of application related threat actors and tactics, techniques, Required:

Minimum of 9+ years experience in application security development, security testing, deployment and security management phases.

Deep interest in application specific vulnerabilities, code development and infrastructure knowledge.

Investigative and analytical problem-solving skills.

Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.)

Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles.

Hands-on experience in running, installing, and managing DAST and SAST solutions such as web inspect, AppScan, Checkmarx and Fortify.

Hands-on experience in performing code review of dot Net, Java and Swift and objective C code.

Understanding of leading industry standards such as NIST 800-53, ISO 27001, OWASP etc.;

Hands-on experience in integrating security tools in DevOps processes.

Hands-on on at least one CI/CD tool set such as team city, Bamboo, Jenkins, Chef, Puppet, selenium.

Knowledge of cloud environments and deployment solutions such as server less computing.

Hands on experience in penetration testing of mobile, desktop and web applications.

Hands on experience on application containers such as Dockers and Kubernetes.

Understanding of security essentials including networking concepts, defense strategies, and current security technologies

Possession of excellent oral and written communication skill; and

Knowledge of one or more scripting languages for automation and complex searches

Employement Category:

+ View Contact

Keyskills:   cloud computing cics jenkins devops