DevSecOps Engineer 

Job Description

Responsibilities :

– Participate in security reviews of new developments to ensure that released products comply with security requirements and industry best practice, Triage defects found and perform root cause analysis

– Actively participate in compliance audits, vulnerability reviews and assessments. Undertake and support penetration testing and system reviews/audits

– Lead Policy and Procedure development for systems security

– Coach the team to write secure code, and develop/implement secure systems and processes

– Understand the Amazon identity management ecosystem holistically and create a secure infrastructure, Enforce compliance with IAM principals including least privilege access, password management, Audit logging, RBAC, deploy and maintain password management, user account lifecycle, certificate management and system authentication solutions

– Engage with stakeholders and interested parties to ensure compliance, security and operational/functional requirements are met

– Create and implement automated processes that reduce manual efforts and increase overall efficiency and scalability

– Design a secure application release automation process to make security an integral part of the CI/CD pipelines.

– Identify security tools and lead operationalization of solutions from POC to Production

– improve Web App Firewalls (WAF), Ensure early Identification of intrusion & attacks and implement countermeasures

– Implement security measures that monitor and protect sensitive data and systems from infiltration and cyber-attacks.

– Work with cloud providers to obtain an understanding of security controls, ensure controls are leveraged

– Monitor security events of runtime environments, e.g. intrusion detection, API threat prevention, container runtime security

– Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity

– Maintain an understanding of the latest cybersecurity threats and implement best practices for protection.

– Act as a first-responder for security-related incidents.

Requirements :

– Overall 5+ years of relevant experience

– Bachelor’s degree in Computer Science or a related technical discipline, or equivalent practical experience.

– Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, S3, CloudTrail, CloudFormation, CloudWatch, Cloud HSM, AWS Encryption SDK, RDS, ELB, AWS Route 53, CloudFront, SNS

– Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization

– Good understanding of Linux and Windows OS, TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack

– Experience with API security, AWS cloud security, container security, network security, cryptography, PKI, certificate management,

– Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar

– Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap, and Nessus.

– Experience in designing cloud-native security architectures, applying defense in-depth strategies

– Advanced Expertise in at least one scripting language, Shell scripting, and AWS CLI

– Expert knowledge of container security (Docker/Kubernetes), Container security tools such as Twistlock and Aquatic

– Experience with third-party cloud security tools

– Experience with tooling and systems for a build, infrastructure automation, and monitoring

– Extensive experience in information security and risk management

Are you interested in this position?

Apply by clicking on the “Apply Now” button below!

#GraphicDesignJobsOnline

#WebDesignRemoteJobs #FreelanceGraphicDesigner #WorkFromHomeDesignJobs #OnlineWebDesignWork #RemoteDesignOpportunities #HireGraphicDesigners #DigitalDesignCareers# Dynamicbrand guru