Information Security Lead

• Manage a team of DevSecOps security analysts and implementation engineers
• Implement DevSecOps tools in all product dev environments
• Follow up with staff members to ensure completion of security-related tasks
• Manage and maintain Security health check of the integrated automation.
• Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs.
• Analyze the implementation needs and provide effort estimation to the users
• Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation.
• Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
• Liaise with development and infra teams to get the defect resolutions
• Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge.
• Working with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned
• Maintaining hardware and software deployment and POC planning
• 3+ years of experience in leading a team (team of security analysts is preferrable)
• 5+ years of relevant experience in information Security DevSecOps
• Total experience - 6-8 years
• Extensive expertise in Application security and security architecture area.
• Hands on experience in SAST Tools (e.g. Checkmarx), Container Scanning tools (Twistlock, Wiz)
• Expertise in Security code reviews and onboarding process for managing false positives
• 5+ years experience in FOSS security issues and security hardening (CIS benchmarks)
• 3+ years experience in setting up continuous integration and continuous delivery systems
• 2-3 years experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase, Github actions
• Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy
• Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts
• Great Communication skills - (Ability to communicate with a Developer, a Manager or Director level).
• Project Management Skills
• 2-3 years basic understanding of Cloud Platforms
• BS in Computer Science, or equivalent
• Working in Agile/Scrum team

Nice to have:

• Familiarity with REST Services, Service Oriented Systems and Micro-services architecture
• Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh)
• Knowledge in distributed systems, software and network security preferred.
• Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems
• Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks.
• 2+years of experience on docker /k8S