SecDevOps Engineer

Below are some of the core responsibilities but not limited to:  1  Integrating security features in the software development life cycle and Identification and probable security risks, with their mitigating strategies for the entire S-SDLC.  2  Implementation of security controls and Monitoring of the threat to security related to SSDLC.  3  Ensuring regulatory compliances for standards of security.  4  Proficient in uniting cross-functional teams and communicating clearly, while fervently pursuing knowledge of the latest trends and technologies in security.  5  Build in security early and often within the SDLC, so each of the phases identifies and mitigates the risks in the process.  6  Cultivate a security culture within the organization: every stakeholder should know their responsibilities with the SSDLC  7  Automate everything in the security testing and deployment process that you can possibly automate, as more likely to be driven by human error.  8  Take a security risk-based approach, focusing on all important but most critical assets and vulnerabilities.  9  To leverage IaC (infrastructure as a code) in a more consistent and efficient way to put up secure environments.  10  Regular Assessment, and penetration testing should help in identifying any exposure for the improvement of security posture.  11  Help in sharing knowledge and best practices between the security, development, and operation teams to achieve true collaboration. Monitor the environment from any security threat and respond promptly to incidents or breaches.  12  Utilize a security-centric DevOps toolchain to integrate security testing, deployment, and processes smoothly.  13  Integration of security into the SDLC will ensure developed software complies with some security standards and regulations, for example, PCI-DSS, HIPAA, GDPR, etc. 1  5+ years in Development (not just testing) field and has chosen the path of security to build the career2 Knowledge on APIs and Micro segmentation cohesion and knowledge on isolated workload deployments3 Strong understanding of security concepts, including threat modeling, risk assessment, and vulnerability management including shift left methodology towards S-SDLC4 Knowledge of the SDLC and experience integrating security best practices at every process stage.5 Familiarity with automation tools and scripting languages like Python and PowerShell.6 Understanding cloud security principles, including secure architecture design and configuration management.7 Knowledge on Jenkins, Gitlab, Docker, Kubernetes, Ansible, Terraform etc.8 Core Authentication and Authorization principles that include Auth0, JWT etc.9 Knowledge of container security principles, such as Docker and Kubernetes.10 Experience with DevOps practices, such as continuous integration and delivery (CI/CD) and infrastructure as code (IaC).11 Experience with various compliance frameworks and regulations: PCI-DSS, HIPAA, and GDPR.12 Good analytical problem-solving skills to scrutinize and solve very intricate security problems with effective solutions. 13 Ability to work cohesively with cross-functional teams and possess good communication skills.14 Passionate about continued learning and being aware of current security trends and technologies. 15 Must have Certified Dev Sec Ops Professional (CDP) / Certified Dev Sec Ops Expert (CDE)