Senior DevSecOps (Security Engineer) Offline
Release engineering team is in charge of product infrastructure including build, continuous integration and source code management (gerrit) services, container registry etc. Release engineering team is looking for a talented devsecops/security engineer with experience in secure development, coding.
Responsibilities:
- Working with application development teams to develop solutions to remediate security vulnerabilities
- Analyzing software process development cycles and identifying the level of well known requirements and practices
- Improving secure coding practices, application security requirements, automation, training and metrics
- CVE assessment
- Conduct periodic Vulnerability assessment. Participate in incident handling and other related duties to support the information security function
- Maintaining an active understanding of industry practices for secure software development
Qualifications
- 5+ years of software engineering or devops/devsecops experience
- Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
- Experience with Infrastructure as Code and infrastructure testing strategies;
- Experience with fully automating CI/CD pipelines end-to-end, from code commits to production;
- Strong Linux fundamentals and experience working with Linux distributions.
- Experience with security testing tools like Nessus, Xray, Clair, trivy, etc.
- Experience in scoring the vulnerability based on CVSS calculations
- Deep understanding of software development automation tools (Jenkins, Gerrit, etc.)
- Good understanding of infrastructure as code solutions (Ansible, Terraform, Puppet etc.)
- Experience in programming or scripting languages