We are looking for a DevSecOps Lead to provide enterprise-level security practices to our customers. You will audit and configure software and tools to help our customers embed security into the delivery process of the developed applications and infrastructure.
DevSecOps responsibilities include auditing the infrastructure and delivery flow, infrastructure hardening, configuring SSO, logging and alerting, configuring DDoS protection, IAM policies, role-based access, key management, providing architecture expertise in the infrastructure security planning process, etc. In this role you will also review delivery pipelines to ensure that security best practices are embedded into the process on all levels.
Our Customer is a financial service company that provides supply chain finance across Europe, North America and Asia.
Ciklum is building a team to work on various projects whose primary goal is to improve and automate the customer’s business processes and reduce the time and effort required for various operations.
Responsibilities
Creating a security roadmap
Embed security best practices into delivery flow to ensure applications and infrastructure security from development to production:
Collaborate with DevOps, developers, and QA to secure the deliverables;
Support the teams to implement the security best practices;
Troubleshoot issues and remove security-related blockers to maintain secure delivery;
Measure the security and use this data to prioritise work to continually improve it.
Engineering tasks:
Enable centralised monitoring, logging, reporting and alerting tooling that the client’s teams integrate with;
Enable SSO and per-user usage logging in the delivery tools;
Enable secret management between teams and environments;
Design and enable network security with health checks and alerts;
Enable DDoS protection;
Enable disaster recovery for critical components.
Collaboration with Delivery, DevOps, and Security teams in:
Auditing infrastructure for vulnerabilities;
Resolving security issues;
Providing detailed security baseline requirements for all teams;
Securing environments and supportive infrastructure;
Delivery flow refinements to embed security;
Security quality gates implementation refinements;
Code and infrastructure review.
Team management:
Interviewing and hiring potential team members;
Tasks decomposition and prioritization;
Review quality of DevSecOps team deliverables;
Protecting the team from unnecessary interruptions and distractions;
Organization and facilitation of standard scrum meetings;
Establishing an environment where the team can be effective;
Ensuring a good relationship between the team and product owners as well as others outside the team;
Status reporting including key risks and issues;
Facilitating the backlog grooming and estimation process;
Participate in demonstrations to Customer;
Demonstrate to the development teams and customer each sprint the continual improvement made by the DevSecOps team.
Deliverables:
Security audit framework agreed with stakeholders;
Environment and infrastructure security design agreed with stakeholders;
Secure Delivery flow agreed with stakeholders;
Central monitoring, logging, reporting and alerting architecture and design agreed with stakeholders;
Refined, prioritized team backlog supporting points above;
Document working processes and baselines for the SecOps team;
Agreements between Delivery, Platform and QA teams.
Requirements
Docker, AWS and git experience as a must;
CloudFormation experience as a must;
Experience with SSO concepts;
Experience in automating builds and tests;
Experience with vulnerability discovery tools;
Experience in CI/CD automation tools (Jenkins/Bitbucket/etc);
Experience with code quality tools;
Experience with microservices design;
Strong knowledge of best security practices and methodologies;
Experience in logging and application monitoring tools.
Personal skills
Influential over design and development strategy;
Collaborative and supportive of other teams;
Able to embed security best practice in all teams and call out where this is not being followed;
Observant and uses data to make evidence-based decisions with a view to continually improving the security of delivery from developers to Production;
Attention to detail;
System thinking;
Responsible;
Honest;
Empathetic;
Self-Managed;
Respected and inspiring;
Sociable.
What's in it for you
Career growth opportunities;
Realization of your innovative ideas in building new Ciklum Solutions and Services;
Friendly collaborative teams and enjoyable working environment;
Professional skills development and training programs;
Variety of knowledge sharing, training and self-development opportunities;
State of the art, cool, centrally located offices with warm atmosphere which creates really good working conditions.
About Ciklum
Ciklum is a global software engineering and technology partner. We deliver software engineering excellence to Fortune 500 and fast-growing organizations alike around the world.
Since 2002, 3,000+ developers located in delivery centres across the globe have provided our clients with a range of services including extended software development teams, outsourcing software development, Quality Assurance, R&D, IoT, Big Data, and engineering consulting.
Company website:
https://www.ciklum.com/
The job ad is no longer active