Job Summary:
We are seeking a highly skilled and experienced DevSecOps Lead to spearhead the integration of security into our DevOps processes for a global digital platform. The ideal candidate will have a deep understanding of both development and security best practices, and will play a crucial role in ensuring that our platform is secure, scalable, and compliant with global standards. This role involves close collaboration with development, operations, and security teams to embed security throughout the software development lifecycle.
Key Responsibilities:
DevSecOps Strategy & Implementation: Lead the design, implementation, and management of DevSecOps practices across the global digital platform, ensuring that security is integrated into every phase of the software development lifecycle.
Security Automation: Develop and implement security automation tools and processes to streamline security testing, monitoring, and compliance checks within CI/CD pipelines.
Risk Assessment & Mitigation: Conduct regular security risk assessments, vulnerability scanning, and threat modeling to identify and mitigate potential security risks across the platform.
Compliance & Governance: Ensure that the platform complies with global security standards, regulations, and best practices, such as GDPR, ISO 27001, and others relevant to the regions of operation.
Collaboration & Training: Work closely with development, operations, and security teams to foster a culture of security awareness and ensure that all team members are trained on secure coding and DevSecOps practices.
Monitoring & Incident Response: Implement continuous monitoring tools and processes to detect, respond to, and recover from security incidents, ensuring minimal disruption to the platform.
Tool Integration: Integrate security tools and solutions (e.g., SAST, DAST, SIEM, WAF) into the DevOps pipeline, ensuring that security is an integral part of the development and deployment process.
Performance Optimization: Optimize the DevSecOps processes to enhance efficiency without compromising security, ensuring that the platform remains fast, reliable, and secure.
Documentation & Reporting: Create and maintain comprehensive documentation for DevSecOps processes, tools, and incident response plans. Regularly report on security metrics and improvements to senior management.
Innovation & Improvement: Stay updated on the latest DevSecOps trends, tools, and best practices, continuously improving the security posture of the platform.
Qualifications:
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is a plus.
Minimum of 7-10 years of experience in IT, with at least 3-5 years in a DevSecOps or similar security-focused role.
Strong knowledge of DevSecOps practices, including secure coding, CI/CD pipelines, automation tools, and cloud security. Proficiency with tools such as Jenkins, Docker, Kubernetes, Terraform, and Ansible.
Expertise in security best practices, including vulnerability management, threat modeling, and incident response. Familiarity with security frameworks and standards (e.g., NIST, OWASP, CIS).
Experience with securing cloud environments (AWS, Azure, Google Cloud) and integrating cloud security tools and practices.
Strong analytical and problem-solving skills, with the ability to assess complex security challenges and implement effective solutions.
Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and explain security concepts to non-technical stakeholders.