Manage a team of DevSecOps security analysts and implementation engineers Implement DevSecOps tools in all product dev environments Follow up with staff members to ensure completion of security-related tasks Manage and maintain Security health check of the integrated automation. Provide professional support for the developed automations, responding to incidents to avoid system outages or restore availability to meet SLAs. Analyze the implementation needs and provide effort estimation to the users Stay abreast of industry best practices (Research new technologies) and contribute ideas for improvements in DevOps practices, delivering innovation through automation. Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality. Liaise with development and infra teams to get the defect resolutions Onboard new hires, train and share knowledge, take an active role in technical mentoring and elevating team knowledge. Working with external vendors for support, manage the relevant vendor employees and make sure the support is performed as planned Maintaining hardware and software deployment and POC planning 3+ years of experience in leading a team (team of security analysts is preferrable) 5+ years of relevant experience in information Security DevSecOps Total experience - 6-8 years Extensive expertise in Application security and security architecture area. Hands on experience in SAST Tools (e.g. Checkmarx), Container Scanning tools (Twistlock, Wiz) Expertise in Security code reviews and onboarding process for managing false positives 5+ years experience in FOSS security issues and security hardening (CIS benchmarks) 3+ years experience in setting up continuous integration and continuous delivery systems 2-3 years experience with continuous-integration tools such as Hudson/Jenkins, LiquiBase, Github actions Understanding of build process, best practices and tools such as Maven, Jenkins pipeline, groovy Knowledge of OWASP top 10 list of vulnerabilities, NIST SP-800-xx, NVD, CVSS scoring etc concepts Great Communication skills - (Ability to communicate with a Developer, a Manager or Director level). Project Management Skills 2-3 years basic understanding of Cloud Platforms BS in Computer Science, or equivalent Working in Agile/Scrum team Nice to have: Familiarity with REST Services, Service Oriented Systems and Micro-services architecture Scripting skills in at least one of the following: Python, Django web framework, Perl, Ruby, shell (bash, ksh, csh) Knowledge in distributed systems, software and network security preferred. Security concepts and knowledge of security attacks on Web applications, REST services, distributed systems Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks. 2+years of experience on docker /k8S
