DevSecOps Lead

General Responsibilities

The DevSecOps Lead is responsible for leading the integration of robust security practices into our DevOps pipeline, ensuring the protection and compliance of our cloud infrastructure. This role demands a strategic mindset to optimize system performance and reliability while fostering a culture of security within the organization.

Duties And Responsibilities

Cloud Infrastructure Management:

• Lead the design, implementation, and management of scalable, secure, and resilient cloud infrastructure
• Monitor and optimize cloud resource usage and performance, making strategic improvement recommendations.
  
  

• Develop and implement advanced security practices within the DevOps lifecycle.
• Conduct regular security assessments, vulnerability scanning, and penetration testing.
• Implement and manage robust security controls, policies, and procedures.
  
  

• Architect and maintain CI/CD pipelines to automate and secure deployment processes.
• Ensure integration of advanced security checks within the CI/CD pipelines.
  
  

• Ensure adherence to industry regulations (e.g. GDPR, HIPAA, PCI-DSS) and internal compliance standards.
• Implement and manage comprehensive compliance monitoring tools and frameworks.
• Prepare and maintain detailed documentation for audits and compliance requirements.
  
  

• Implement and manage sophisticated monitoring tools for cloud infrastructure and applications.
• Develop and maintain incident response plans and procedures.
• Lead complex incident response activities, including root cause analysis and comprehensive remediation.
  
  

• Foster a collaborative environment by working closely with development, operations, and security teams.
• Collaborate with cross-functional teams, including developers, operations, and security, to ensure seamless integration of security practices.
• Facilitate knowledge sharing, and provide training, mentorship, and guidance on DevSecOps principles and practices to team members.
• Communicate effectively with stakeholders to report on security posture, incidents, and strategic improvements.
• Other job-related activities that may be assigned from time to time.
  
  

• Deep expertise in Cloud services (EC2, S3, RDS, Lambda, IAM, VPC, CloudFormation, etc.).
• Proficiency in infrastructure as code (IaC) tools such as Terraform or CloudFormation.
• Extensive experience with CI/CD tools such as Jenkins, GitLab CI, or CodePipeline.
• Strong knowledge of advanced security best practices and frameworks (NIST, CIS, OWASP, etc.).
• Experience with advanced security tools such as, GuardDuty, Inspector, and WAF.
• Proficiency in scripting languages such as Python, Bash, or PowerShell.
• Familiarity with containerization technologies (Docker, Kubernetes) and their security aspects.
• Strong understanding of networking and network security concepts.
  
  

• Had background in Architecture, Automation and security as a DevSecOps