Security Architect - L1

• Must have 6+ years of experience in intertwining security measures within DevOps practices. You will be pivotal in bolstering the security posture by embedding robust security frameworks into CI/CD pipelines and optimizing post-scan workflows.
• Your role will support a critical mission to enhance vulnerability assessment methodologies, swiftly triage security findings, and spearhead initiatives to uplift security standards across diverse development and infrastructure environments.
• Youll get to integrate and automate security tools, such as SAST, DAST, software composition analysis, and container scanning into a seamless CI/CD process to create a culture of security-first development.
• Participating actively in the management of post-scan activities will include:
• Triage findings with a focus on risk-based prioritization for vulnerabilities.
• Collaborate with development teams to track remediation status and ensure timely resolutions.
• Additionally, you will perform and support comprehensive vulnerability assessments for both application and infrastructure assets.
• Your responsibilities will involve close collaboration with DevOps and Security teams to establish and enforce effective security practices that dovetail with agile methodologies.
• Leverage your expertise to develop workflows that ensure secure builds, artifact signing, and automating secure release processes, enhancing our operational efficiency.
• You will also configure and manage infrastructure as code (IaC) tools such as Terraform and Ansible, embedding security controls to safeguard our automation processes.
• Monitoring, logging, and alerting mechanisms will be part of your project to establish a strong security monitoring strategy for all deployed workloads, ensuring rapid response to potential threats.
• Your contributions will not just stop at implementation; youll be responsible for generating insightful reports, metrics, and dashboards to track security posture and compliance across multiple environments.

• Required Skills & Experience:
• A minimum of 6 years experience in DevOps and Security Engineering roles, showcasing a strong foundation in both domains.
• Proficient in integrating security tools such as SonarQube, Fortify, Checkmarx, and others to create a robust security framework.
• Solid understanding of CI/CD practices using tools like Jenkins, GitLab CI, and GitHub Actions, paired with modern source control management workflows.
• Expertise in vulnerability management, understanding of CVSS scoring, and risk assessment methodologies that align with best practices.
• Experienced with widespread cloud platforms like AWS, Azure, and GCP, especially their security features and compliance landscapes.
• Familiar with container ecosystems, notably Docker and Kubernetes along with runtime scanning practices to ensure container security capabilities.

Mandatory Skills: Vulnerability Assessment Penetrationtest.

Experience: 8-10 Years.