Job Description:

Position: Sr. DevSecOps Consultant

100% Remote

Duration: 12+ months

Responsibilities:

  • Manage DEV / QA / STAGING clusters in the cloud from an IT security point of view
  • Manage DEV / QA / STAGING clusters on our premises from an IT security point of view
  • Hazard and Risk Analysis (HARA) of operated systems, drive mitigation of findings
  • Collaborate with SW Architects on IT security requirements and solutions
  • Integrate security into the CI/CD pipelines and secure cloud-based and on-premises
    software deployments using industry best practices
  • Support DevOps by configuring automated build & deploy pipelines based on GitLab
    Runners
  • Integrate security scans (SAST and DAST) into build and deploy pipelines for container-based applications (Kubernetes)
  • Assess security stance of cloud and on-premises deployments. Recommend and
    implement mitigation measures
  • Operation and monitoring, including creation of monitoring tools and dashboards, of all:
      ◦ CI/CD pipelines
      ◦ Automated tasks
      ◦ Clusters
  • Implementation of automated IT security measures (rolling secrets, analysis of security
    audit logs, …)

Required Knowledge:

  • Expert in IT Security Operations processes and their tailoring towards the application
    domain
  • Working on a conceptual level to integrate IT security into product development
  • Hands-on experience developing and integrating IT security solutions into product
    development
  • In-depth knowledge of Kubernetes and Helm as well as hands-on experience using them
    (mandatory)
  • Knowledge of Terraform (bonus)
  • Experience with AWS Cloud, especially with implementation of security measures
    (mandatory)
  • Server and network setup and management – on-premises and in the cloud
  • CI/CD build pipeline automation with GitLab Runners and shell scripts (alternatively:
    experience with Jenkins)
  • Knowledge of static and dynamic security scanning tools (mandatory)
      ◦ E.g.: Fortify, JFrog Vision, Burp Suite, OWASP ZAP, Nessus, OpenVAS,
        Metasploit
  • Monitoring and operation of production VMs or Kubernetes clusters in AWS cloud
    (mandatory)
  • Expert in concepts of Continuous Integration (CI) and Continuous Delivery (CD)
  • Experience with security audits
  • Expert in DevOps concepts; can guide transition to a DevOps organization
    (mandatory)
  • Programming skills in CI/CD technologies:
      ◦ Shell scripting: bash (alternative: PowerShell)
      ◦ Regular expressions
      ◦ GitLab Runner (preferred); Jenkins (acceptable)
             
