Job description
Essential Services: Role & Location Fungibility
At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team. To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. The role descriptions give you an overview of the responsibilities; they are only directional and guiding in nature.
About the role
We are looking for a skilled professional to join our Information Security Team as a DevSecOps Manager. As a DevSecOps Manager, you will be responsible for implementing security tools in the DevOps CI/CD (Continuous Integration/Continuous Delivery) pipeline and publishing security standards and best practices for developer teams.
Key Responsibilities
- Identifying Vulnerabilities: Enable automated security scanning processes to identify known vulnerabilities in source code, open-source libraries, and configuration. Provide technical leadership and direction in the DevSecOps domain.
- Analysis: Troubleshoot DevSecOps pipeline implementation issues and support successful deployment. Implement DevSecOps with multiple agile teams across various platforms, environments, and instances. Implement automated, template-based DevSecOps solutions for cloud environments.
- Implement Security Measures: Understand the security requirements and implement the new DevSecOps process. Integrate, monitor, and improve cloud security controls via the DevSecOps process within the existing DevOps process. Perform assessments, help mitigate security findings, and implement security improvement measures. Configure cloud security tools and systems in CI/CD pipelines. Implement security scanning in Jenkins, Code Pipeline, and DevOps workflows. Define gating process metrics for security and implement them in DevSecOps. Employ infrastructure as code to increase automation, scalability, and reliability.
- Reporting: Prepare and provide the necessary metrics, detailed reports, artifacts, executive summary, and dashboard to leadership at a regular frequency. Build and maintain a set of tools that enable developers to self-serve for remediation. Monthly Dashboard Reporting for Leadership.
- Collaborate: Work in a dynamic environment, coordinate across multiple departments, and attain the target.
Qualifications & Skills
- Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent.
- Certifications: CSSLP, CISSP, GPEN, ECSA, CEH, CISM, CISA, or equivalent.
- Compliance: Good understanding of cyber security trends and hacking techniques. Experience in analysing threats to cloud and application components. Familiarity with OWASP and SANS vulnerabilities and their validation in source code, along with other security frameworks and compliance. Ability to review assessment reports and provide risk mitigation and recommendations on that basis.
- Technical Skills: Experience with various application security tools, including SAST, DAST, software composition analysis, and application penetration testing. Experience with automation in testing or orchestration (Selenium, Maven, Ant, MSBuild, npm, Yarn, Jenkins, GitLab, Bitbucket, etc.). Knowledge of Agile and Scrum processes. Understanding of virtualization and container technologies (Docker, Kubernetes, etc.).
- Communication skills: Outstanding communication abilities. Ability to effectively communicate the required recommendations.
About the Business Group
ICICI Bank's Information Security Group believes in providing services to its customers in the safest and most secure manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, and awareness initiatives, and provides easy-to-use protection and risk configuration ability in the hands of customers. With this core responsibility, ICICI administers and promotes ongoing campaigns to create awareness among customers on security aspects while banking through digital channels.