DevOps Engineer - Vulnerability Patching (Apache Tomcat & Oracle)

Job Description

DevOps Engineer Vulnerability Patching (Apache Tomcat & Oracle WebLogic) Overview We are seeking a DevOps Engineer with expertise in vulnerability patching for Apache Tomcat and Oracle WebLogic to enhance the security and performance of our applications. The ideal candidate will be responsible for identifying, assessing, and remediating security vulnerabilities while ensuring minimal downtime and compliance with security best practices. Responsibilities Key Responsibilities: Vulnerability Management: Identify, analyze, and mitigate security vulnerabilities in Apache Tomcat and Oracle WebLogic across development and production environments. Patch Deployment: Apply security patches and updates for Apache Tomcat and WebLogic, ensuring system stability and uptime. Automation & Scripting: Develop and maintain automation scripts (Bash, Shell Scripting,PowerShell, Python, Ansible) to streamline patching and update processes. Configuration Management: Utilize Ansible, Terraform, Puppet, or Chef to enforce secure configurations and automate patching workflows. CI/CD Pipeline Security: Ensure that Tomcat and WebLogic updates are integrated into CI/CD pipelines (Jenkins, GitLab CI, Azure DevOps). Monitoring & Compliance: Implement security monitoring tools and best practices to ensure compliance with CIS, NIST, ISO 27001, and PCI-DSS. Incident Response: Work with security teams to investigate and remediate vulnerabilities related to Tomcat and WebLogic. Documentation & Reporting: Maintain detailed records of patching activities, vulnerability reports, and risk assessments. Requirements Required Skills & Experience: xx years of experience in a DevOps, IT Security, or System Administration role. Strong knowledge of Apache Tomcat and Oracle WebLogic security vulnerabilities and patching methodologies. Experience with Java application servers, middleware administration, and hardening techniques. Proficiency in Linux (Ubuntu, RHEL, CentOS) and Windows Server administration. Hands-on experience with patch management tools and security updates for enterprise applications. Expertise in PowerShell, Bash, or Python scripting for automation. Familiarity with vulnerability scanning tools (Nessus, Qualys, Tenable, Rapid7). Experience working with Docker, Kubernetes, and cloud platforms (AWS, Azure, GCP). Collaborate closely with Dev teams and work on remediation solutions by understanding application architecture .Preferred Qualifications: Certifications such as Oracle Certified Professional (OCP), AWS Certified DevOps Engineer, RHCE, or CISSP. Experience working in Telecom industiries Prior experience with SIEM tools (Splunk, ELK, Datadog) for security monitoring. Prior experience with endpoint security and system hardening.