Technical Lead - DevSecOps

Designation - Technical Lead - DevSecOps

Experience - 8 - 12 years

Location - Remote(India)

Essential skills:

• Cloud security framework; Strong scripting skills with PowerShell and

experience managing Linux systems.

• Solid understanding of version control tools, particularly Git.
• Experience with cloud platforms, including AWS, Azure and GCP.
• Problem solving and troubleshooting skills.

Desired skills:

• Good communication skills
• Experience with Docker and container orchestration tools.
• Knowledge of microservices architecture and related best practices.

Summary:

Resource must exhibit strong trouble shooting and problem-solving skills along with knowledge of cloud architecture, security features, and cloud platforms such as AWS. Resource must be well-versed with incident management; must have information security auditing experience.

Roles & Responsibilities:

Security Integration in DevOps Pipelines:

Embed security tools and practices in CI/CD pipelines to detect

and mitigate vulnerabilities.

Implement static and dynamic code analysis, vulnerability

scanning, and container security checks.

Infrastructure Security:

Design and implement secure infrastructure leveraging cloud

services and Infrastructure as Code (IaC).

Ensure configuration management for servers and cloud

environments meets security standards.

Automation and Monitoring:

Automate security testing and monitoring processes to maintain

compliance and reduce manual intervention.

Develop and maintain monitoring systems to detect anomalies

and security breaches.

Collaboration and Training:

Collaborate with cross-functional teams to address security

concerns during software development and deployment.

Provide training and awareness on secure coding practices and

DevSecOps tools.

Incident Management:

Respond to security incidents, conduct root cause analysis, and

implement preventive measures.

Maintain and test incident response plans.

Compliance and Governance:

Ensure systems adhere to regulatory requirements and industry

best practices.

Conduct periodic security audits and assessments to maintain

compliance.

Considering dependencies, relationships, and integration points

to ensure proper solution integration with other systems when

applicable

Responsibility for compliance with applicable industry standards,

corporate policies and procedures

Maintaining high-level of client satisfaction

Leveraging knowledge and experience of technical

implementation related to IT Infrastructure Library (ITIL)

processes, workflow customization, ticketing, process

automation, report development, dashboard creation, and

system configurations

Essential Experience:

Solid experience in software development and operations,

with a focus on security.

Strong knowledge of DevOps principles and practices,

including CI/CD pipelines, version control systems, and

automated testing frameworks.

Proficiency in scripting and automation using languages such

as Python, Ruby, or PowerShell.

Familiarity with cloud platforms and services (e.g., AWS,

Azure, GCP) and their security considerations.

Experience with containerization technologies (e.g., Docker,

Kubernetes) and associated security practices.

Knowledge of security frameworks and standards (e.g.,

OWASP, NIST, ISO 27001) and their application in software

development.

Understanding of secure coding practices and common

vulnerabilities (e.g., OWASP Top 10) and their mitigation

techniques.

Strong analytical and problem-solving skills, with the ability

to identify and address security risks and incidents

effectively.

Desired Experience:

Excellent communication and collaboration skills, with the

ability to work effectively with cross-functional teams and

stakeholders.

Knowledge of microservices architecture and related best

practices