-
Requirements
: -
Bachelors degree in Computer Science, Information Security, or a related field.
-
Proven experience in a DevSecOps or related role.
-
Proficiency in security and DevOps tools such as Jenkins, Docker, Kubernetes, and security scanning tools.
-
Strong understanding of cloud platforms (e.g., GCP,AWS, Azure ) and their security features.
-
Experience with automation and scripting languages (e.g., Python, Bash).
-
Familiarity with continuous integration and continuous delivery (CI/CD) pipelines.
-
Excellent problem-solving and analytical skills.
-
Strong communication and leadership abilities.
Advanced Cloud Security
: Develop and enhance security controls in GCP, including identity and access management (IAM), encryption strategies, and cloud security posture management (CSPM).
DevSecOps Advocacy
: Champion the integration of security automation tools (SAST, DAST, IaC scanning) into CI/CD pipelines, ensuring proactive identification and remediation of vulnerabilities.
Security Automation
: Build and maintain automated security tooling for cloud infrastructure, using Infrastructure as Code (IaC) technologies like Terraform to streamline security operations.
Incident Response & Threat Hunting
: Collaborate with security operations and incident response teams during investigations and implement remediations for security incidents in GCP. o Develop and implement security incident response plans for GCP environments.
o Proactively hunt for threats and vulnerabilities in GCP using threat intelligence and security analytics platforms.
o Shift notification channels left to ensure developers receive notifications / alerts about the workloads they deploy and manage.
Compliance & Risk Management
: Ensure adherence to security frameworks (SOC 2, ISO 27001, NIST, etc.) and assist with cloud goverce, risk, and compliance initiatives. o Conduct security assessments and audits to ensure compliance with relevant regulations and industry standards (e.g., SOC 2, ISO 27001, PCI DSS, FERPA, GDPR, CCPA).
o Develop and maintain a risk register for GCP environments, identifying and prioritizing security risks.
Monitoring & Threat Detection
: Partner with Infosec on implementation and managing security monitoring, logging, and alerting mechanisms across GCP, leveraging native services and third-party tools for continuous security visibility.
Continuous Security Improvement
: Lead eZorts to continuously evaluate and improve platform security practices in response to emerging threats, evolving technologies, and industry trends. o Stay abreast of emerging security threats, vulnerabilities, and best practices in the cloud security domain.
o Research and evaluate new security technologies and tools to enhance the security posture of GCP environments.
o Contribute to the development of security policies and standards for the organization.
-
Must-Have Skills
: -
Strong expertise in DevOps and security tools (e.g., Jenkins, Docker, Kubernetes, Ansible).
-
Experience with cloud security and cloud platforms (AWS, Azure, GCP).
-
Proficiency in scripting and automation (Python, Bash, etc.).
-
Hands-on experience with vulnerability assessment and penetration testing tools.
-
Knowledge of security compliance frameworks (e.g., ISO 27001, NIST, GDPR).
-
Soft Skills
: -
Leadership: Ability to guide and mentor cross-functional teams in security practices.
-
Problem-Solving: Strong analytical skills to identify and resolve complex security issues.
-
Communication: Clear and effective communication with technical and non-technical stakeholders.
-
Attention to Detail: Meticulous approach to identifying and addressing security vulnerabilities.
-
Collaboration: Ability to work effectively in a team environment and foster a culture of shared responsibility for security.
-
Hard Skills
: -
DevOps and Security Tools: Proficiency in tools such as Jenkins, Docker, Kubernetes, and security scanning tools.
-
Vulnerability Assessment: Experience in identifying and mitigating security vulnerabilities.
-
Security Integration: Ability to embed security protocols into the DevOps pipeline.
-
Incident Response: Skills in responding to and managing security incidents.
-
Automation: Expertise in automating security processes and integrating them into CI/CD pipelines.
Security Leadership
: Lead security design and architecture reviews for GCP environments, ensuring security is embedded at all layers of the infrastructure. o Define and implement security standards for GCP infrastructure, including network segmentation, firewall rules, and secure configurations for compute, storage, and database services.
o Conduct threat modeling exercises to identify potential security risks and develop mitigation strategies.
o Establish and maintain security baselines for GCP resources
Strategic Collaboration
: Partner with security architects, developers, and platform engineers to implement security best practices across DevSecOps pipelines and cloud infrastructure. o Work closely with development teams to integrate security testing into the software development lifecycle (SDLC).
o Collaborate with operations teams to implement security monitoring and incident response processes.
o Provide guidance to architects and engineers on secure cloud design patterns and best practices.
