Integrate Security Tools: Develop and implement security tools and practices into our CI/CD pipelines to ensure secure software development and deployment.
Automation: Automate security testing and monitoring within the CI/CD pipelines to detect vulnerabilities early in the development cycle.
Collaboration: Work closely with development, operations, and security teams to ensure seamless integration and adoption of security practices.
Security Assessments: Conduct regular security assessments and audits to identify and mitigate potential security risks.
Incident Response: Assist in the development and implementation of incident response plans and procedures.
Continuous Improvement: Stay up to date with the latest security trends, tools, and best practices to continuously improve our security posture.
Documentation: Maintain comprehensive documentation of security processes, tools, and procedures.
Qualifications:
Experience: Proven experience in DevSecOps and the integration of security tools within CI/CD pipelines.
Technical Skills:
Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI, etc.).
Experience with security tools such as SAST, DAST, vulnerability scanners, and more.
Strong programming skills in languages such as Python, Java, or similar.
Hands-on experience with AWS and its security services.
Knowledge: In-depth understanding of security principles, DevOps practices, and cloud security.