Senior DevSecOps Engineer
Lviv, Kyiv, Odesa, Kharkiv, Ivano-Frankivsk IT Security Senior 15555
Responsibilities:
- Role: Product security / Application Security / DevSecOps / Security Architecture;
- Security advisory on projects of different sizes and technologies;
- You will be the primary security engineer for software products and act as the point of contact for engineering and security;
- Design, build and review security-related services and functions of web applications, mobile applications, and desktop applications;
- Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon/MS Threat Modeling Tool);
- Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications;
- Work with product & development managers for the assessment and prioritization of security-related tasks in the development backlog;
- Provide the Engineering teams with well-researched security solutions and controls to mitigate risk and fix vulnerabilities;
- Improve the adoption of security best practices in testing, automation, and continuous integration pipelines.
Requirements:
- 3+ years of experience with CI/CD principles and tooling [Git, Terraform, Jenkins, Artifactory];
- 3+ years of experience with Azure with a focus on security and 1+ year with Kubernetes secure deployment;
- Security experience on Azure / MO365 security features and components;
- Deep knowledge of SSDLC, secure development and runtime application protection;
- Deep knowledge of container development and security applied to those environments in terms of container, host and orchestrator(s) security and workload protection;
- 3+ years of experience with a scripting language such as Java, .NET, Python, Bash, PowerShell, etc.;
- Experience with an IAM provider (Azure AD), Vault (HashiCorp), OpenVPN and similar;
- Significant knowledge of security best practices for cloud native architectures, both on development and deployment;
- Experience with cloud-based security management SIEM tools, e.g. Splunk (nice to have) or ELK;
- Proven track record in supporting development teams in the security area throughout all phases of the systems development life cycle (design, threat modelling, development, maintenance);
- Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines;
- Sound knowledge of impact and remediation techniques for vulnerabilities from within and outside of the OWASP Top 10;
- Sound knowledge of modern authentication/authorization frameworks, methods, and technologies (OAuth2.0, OIDC, JWT);
- Experience with the Scrum approach;
- Good communication skills, ability to conduct email communications, lead security-related meetings and discussions;
- At least Upper-Intermediate level of English including cybersecurity-related vocabulary.
Nice to have:
- Understanding of or experience with SOP (Standard Operating Procedure), SOX Compliance, Audit Control.