Experience working with Github Actions and Terraform, building pipelines to deploy infrastructure and applications to Azure Cloud landing zones
Deep knowledge and understanding of common DevOps practices involving Automation, CI/CD, deployments, approval gates, hooks, and various methods for deploying software applications through multiple environments to target platforms
Experience with software Testing tools and frameworks
Extensive Experience and proficiency with GIT source code control and different branching strategies such as “trunk based development”
Ability to direct and manage dev teams on best practices and usage patterns for devops CI/CD and automation leading to more secured software application deployments
Well versed in software bill of material and software supply chain analysis and safe practices
Experience creating and administering CI/CD tooling such as Azure Dev Ops, Jenkins, git hub actions
Experience with and deep understanding of difference vulnerability scanning techniques and their relevant tools such as SAST, DAST, SCA, IAST security scanning
Solid understanding of SDLC processes, modern programming stacks and their relevant vulnerabilities, .NET and Java
Operational experience and knowledge in common security scanning tooling and integration into CI/CD pipelines such as Azure DevOps, GitHub, Jenkins. e.g. Veracode, AppScan, CheckMarx, Snyk, Contrast, Sonar, Synopsis
Familiarity with OWASP and NIST standards and best practices for application security
Ability to assess false positives in security scanning tooling and give feedback and guidance to development teams on security scanning results
Experience Adding security scanning tooling tasks to pipeline
Ability to perform automation and scanning of applications written or created with .NET and Java Development stacks
Participate in design and code reviews, aligning with architectural goals.