Key Responsibilities

• Advocate for secure software practices across application teams, ensuring the integration of Cybersecurity, DevSecOps, and Agile engineering procedures.
• Design, implement, and manage CI/CD pipelines in GitHub Enterprise and Azure DevOps (with a focus on custom flows and actions). Implement automation tools and frameworks to streamline code delivery and security testing.
• Support and enforce the Secure Systems Development Lifecycle by defining and integrating functional and non-functional security requirements into the development process.
• Work closely with application teams to ensure the successful implementation of secure coding practices and the integration of security measures across all stages of application design and delivery.
• Monitor the performance of applications, identify potential bottlenecks, and proactively implement solutions to optimize performance and security.
• Develop and maintain documentation related to security best practices, design, and troubleshooting for DevSecOps processes and infrastructure.
• Collaborate with the infrastructure team to plan and maintain disaster recovery (DR) measures, ensuring data storage security within Azure and adherence to compliance requirements.
• Ensure all DevSecOps processes align with regulatory and security standards, conducting regular reviews of security measures and infrastructure.

Required Skills & Qualifications

• Minimum of 6 years of combined experience in DevOps/DevSecOps engineering and Software Engineering, with at least 3 years focused on security.
• Strong experience with Azure cloud services, particularly in designing and managing cloud infrastructure, security, and DevOps processes.
• Solid background in managing Kubernetes (AKS) and Linux environments, with the ability to design and implement scalable solutions.
• Proficiency in creating and managing CI/CD pipelines in Azure DevOps, including integrating security controls into the pipeline.
• Expertise in Source Code Management (SCM) practices, especially with Git for version control, including branching, merging, and integration.
• Understanding of network architectures and services such as VPN, routing, firewalls, NSGs (Network Security Groups), and other security-related configurations.
• Ability to translate traditional SDLC phases (plan, code, build, test, release, deploy, monitor) into Agile development practices, with a strong focus on automating security-related tasks.
• Strong understanding of security protocols, compliance standards, and the ability to automate and enforce security controls in cloud-based environments.

Posted By