DevSecOps Lead  

General Responsibilities:

The DevSecOps Lead is responsible for leading the integration of robust security practices into our DevOps pipeline, ensuring the protection and compliance of our cloud infrastructure. This role demands a strategic mindset to optimize system performance and reliability while fostering a culture of security within the organization.

Duties and Responsibilities:

Cloud Infrastructure Management:

• Lead the design, implementation, and management of scalable, secure, and resilient cloud infrastructure
• Monitor and optimize cloud resource usage and performance, making strategic improvement recommendations.

Security Integration:

• Develop and implement advanced security practices within the DevOps lifecycle.
• Conduct regular security assessments, vulnerability scanning, and penetration testing.
• Implement and manage robust security controls, policies, and procedures.
  
  Continuous Integration/Continuous Deployment (CI/CD):
  
• Architect and maintain CI/CD pipelines to automate and secure deployment processes.
• Ensure integration of advanced security checks within the CI/CD pipelines.
  
  Compliance and Governance:
  
• Ensure adherence to industry regulations (e.g. GDPR, HIPAA, PCI-DSS) and internal compliance standards.
• Implement and manage comprehensive compliance monitoring tools and frameworks.
• Prepare and maintain detailed documentation for audits and compliance requirements.
  
  Monitoring and Incident Response:
  
• Implement and manage sophisticated monitoring tools for cloud infrastructure and applications.
• Develop and maintain incident response plans and procedures.
• Lead complex incident response activities, including root cause analysis and comprehensive remediation.

Collaboration and Leadership:

• Foster a collaborative environment by working closely with development, operations, and security teams.
• Collaborate with cross-functional teams, including developers, operations, and security, to ensure seamless integration of security practices.
• Facilitate knowledge sharing, and provide training, mentorship, and guidance on DevSecOps principles and practices to team members.
• Communicate effectively with stakeholders to report on security posture, incidents, and strategic improvements.
• Other job-related activities that may be assigned from time to time.

• Deep expertise in Cloud services (EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation, etc.).
• Proficiency in infrastructure as code (IaC) tools such as Terraform or CloudFormation.
• Extensive experience with CI/CD tools such as Jenkins, GitLab CI, or CodePipeline.
• Strong knowledge of advanced security best practices and frameworks (NIST, CIS, OWASP, etc.).
• Experience with advanced security tools such as, GuardDuty, Inspector, and WAF.
• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Familiarity with containerization technologies (Docker, Kubernetes) and their security aspects.
• Strong understanding of networking and network security concepts.

Qualifications:

• Had background in Architecture, Automation and security as a DevSecOps