Manager DevSecOps

DescriptionDescription

• Create and implement security practices & tools within CI/CD pipelines where applicable to integrate security into the DevOps lifecycle.
• Identify, evaluate, and remediate security vulnerabilities in applications and infrastructure.
• Design, develop, & implement solutions to address infrastructure & security requirements.
• Develop, manage & integrate into CI/CD pipelines automated security testing processes.
• Oversee security incidents, including monitoring, analysis, and response.
• Align security practices with project goals in development, operations, & security teams.
• Set up and manage security monitoring tools and processes.
• Ensure team creates and maintains comprehensive documentation of security practices, procedures, and incidents.
• Provide training & guidance to team on security best practices & emerging threats.
• Be apprised of latest developments in DevSecOps & Cloud to keep the DevSecOps processes current and relevant.
• Build and support a team of DevSecOps Engineers
  
  

• At least 5 years of proven work experience in DevSecOps, security engineering, or a related field.
• At least 3 years of people management experience.
• Bachelor’s degree in computer science, Information Security, Physics, Mathematics, or a related technical field.
• Good understanding of security principles, tools & practices for experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD).
• Proficiency in scripting languages (e.g., Python, Bash).
• Knowledge of security practices for AWS, , and GCP.
• Expertise in vulnerability scanning and assessment tools, such as Snyk and InsightAppSec, and familiarity with security services like Wiz, SIEM, SOC, and SentinelOne.
• Skills in managing security incidents and conducting threat analysis.
• Familiarity with configuration management tools.
• Knowledge of API Security, Container Security, and AWS Cloud Security.
• Understanding compliance standards and policies such as, HIPAA, SOC2, GDPR, and CCPA, including related certification and audit processes.
• Strong communication skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
• Continuously monitor security controls for all IT Security frameworks
  
  

• Relevant security certifications such as CISSP, CEH, AWS Certified Security Specialty.
• Experience with security frameworks and standards (e.g., NIST, OWASP).
• Skills in penetration testing and ethical hacking.
• Experience with DevOps tools (e.g., Docker, Kubernetes).
• Master’s degree in Cybersecurity, Computer Science, Information Security, or a related field.