Job
Description
We are looking for a skilled and experienced DevSecOps Engineer with specialized knowledge in Google Cloud Platform (GCP) to become a valuable member of our team. Your primary responsibility will be to ensure the security and integrity of our software development processes on GCP. Your proficiency in GCP, Rego policies, and Terraform will be essential in establishing a secure and effective development pipeline. As a DevSecOps Engineer, you will: - Develop, implement, and maintain Rego policies to enforce security controls and compliance standards in our GCP infrastructure and applications. - Collaborate with development and operations teams to integrate security into the GCP-focused CI/CD pipeline, automating security checks and scans seamlessly. - Utilize your GCP expertise to architect and deploy secure microservices and containerized applications, adhering to GCP security best practices. - Design and implement infrastructure-as-code (IaC) using Terraform to securely and efficiently define and manage GCP resources. - Conduct thorough security assessments on GCP environments using GCP-specific security tools to identify and mitigate potential vulnerabilities. - Perform threat modeling and risk assessments for GCP deployments, crafting tailored security solutions for GCP services. - Work with cross-functional teams to respond promptly to GCP-specific security incidents, conduct root cause analysis, and implement necessary corrective actions. - Stay updated on GCP advancements, industry security trends, and best practices, sharing your knowledge with team members. - Promote a culture of security awareness specific to GCP environments, ensuring security considerations are integrated throughout the development process. Requirements: - Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience). - Proven experience as a DevSecOps Engineer with a strong focus on GCP. - Expertise in Rego policies and policy-as-code practices, particularly with implementation in GCP. - Deep understanding of GCP services, security controls, and best practices. - Proficiency in using GCP-specific security tools, vulnerability scanners, and penetration testing tools. - Experience with Wiz and its integration for continuous security monitoring in GCP environments. - Strong experience with infrastructure-as-code (IaC) using Terraform for GCP resource provisioning and management. - Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations. - Solid knowledge of GCP security frameworks, standards, and compliance requirements. - Strong understanding of container security in GCP and experience securing microservices. - Excellent communication and collaboration skills, with a proven ability to work effectively in cross-functional teams. - Relevant GCP certifications such as Google Professional DevOps Engineer, Google Professional Cloud Security Engineer, or similar certifications are highly advantageous. If you are passionate about leveraging your GCP expertise, Rego policies knowledge, and Terraform skills to create a secure GCP development environment, we welcome you to join our team and contribute to our GCP-focused software security initiatives.,
