DevSecOps (offline)

Apprecode is a consulting firm specializing in cyber security and penetration testing.

Our clients are companies from various industries from all over the world.

We offer several services, including support of continuous integration and continuous deployment (CI/CD) initiatives, infrastructure penetration testing and application testing.

We are looking for intermediate- and senior-level candidates who enjoy working in a fast-paced, dynamic environment and love to challenge themselves continually.

This role entails the delivery of engagements, including penetration testing, objective-based penetration testing and web & application security testing with validation of application security controls. Applicants need above-average persistence, attention to detail and passion for ethical hacking.

What you’ll be doing

Supervise implementation, testing and validation of application security controls across projects;

CI/CD;

Oversee implementation of defensive configurations and countermeasures across cloud infrastructure and applications;

Network Penetration Testing;

Assist in prioritization of vulnerabilities identified in code through automated and manual assessments, and promote quick remediation;

Web Application Security Testing;

OWASP Top 10;

CIS Critical Security Controls;

Conducting penetration testing assessments such as internal and external networks, web applications, mobile and social engineering;

Scripting and automation (Python, Bash, PowerShell, batch, etc.);

Auditing according to regulatory standards and requirements, including ISO 27001 and PCI-DSS;

Assess risk and implement/validate controls as necessary through the CI/CD pipeline;

Operating system security (Windows, Linux, macOS);

System hardening;

Vulnerability management;

Enrich DevOps architecture with security standards and best practices, promote baseline configuration and work to reduce drift.

Who you are

3+ years’ experience in information technology, information security administration or security operations.

Experience working with development and infrastructure teams in agile workflows, including Scrum and Kanban.

Understanding of containerized compute (e.g., Docker) and container orchestration (e.g., Docker, Kubernetes).

OSCP or BSCP certification is good to have.

Experience with operations and security across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP).

Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous testing and implementation.

Capable of scripting in Python, Bash or PowerShell.