Skills & requirements
- Background & Experience: Originating from an open-source operating system background, candidates should possess a minimum of 5 years in IT, with 3 years focused on DevSecOps roles.
- Cloud Expertise: Demonstrated experience working in cloud environments, with a deep understanding of cloud architectures, services, and best practices.
- Penetration Testing & Security Analysis: Proficiency in conducting penetration tests and thorough security analyses to identify vulnerabilities and suggest remediation measures.
- Programming Skills: Strong coding capabilities, with experience in languages such as Python, Go, Java, JavaScript, and TypeScript, to develop and integrate security solutions.
- Certifications: Possessing industry-specific certifications, such as AWS DevOps or Security, will be considered an advantage.
- Leadership & Communication: Prior experience leading teams complemented by excellent communication and leadership abilities.
- Problem-Solving Abilities: Exceptional troubleshooting skills, with a knack for addressing complex technical issues.
- Incident Response: Demonstrated ability in IT Incident Response and handling security breaches.
- Networking: A foundational grasp of networking principles and experience with firewalls from brands like Fortigate, Palo Alto, and Mikrotik.
- Process & Documentation: Process-driven mindset with the ability to produce clear documentation supporting development and security activities.
Security Integration
Collaborate with development teams to integrate security best practices into the software development process
Conduct regular security assessments, code reviews, and vulnerability scans to identify and remediate security issues.
Security Automation
Develop and maintain automation scripts and pipelines for building, testing, and deploying software. Implement infrastructure as code (IAC) to automate infrastructure provisioning and configuration management.
Security Testing
Implement and manage security testing tools and processes, including static application security testing (SAST), dynamic application security testing (DAST), and container security scanning.
Project Planning
Provide guidance and expertise on system options, risk, impact, and costs vs. benefits.
Create and share operational requirements and development forecasts to allow timely and accurate planning of projects.
Development
Install and configure solutions, implement reusable components, translate technical requirements, assist with all stages of test data, develop interface stubs and simulators, and perform script maintenance and updates.
Deployment
Design, implement, and manage robust CI/CD pipelines that accelerate software delivery while maintaining code quality and security.
Build automated deployments through the use of configuration management technology.
Performance Management
Implement comprehensive monitoring and logging solutions to ensure timely issue detection, rapid incident response, and proactive performance optimization.
Give recommendations for enhancing performance via gap analysis, identifying the most practical alternative solutions, and assisting with modifications.
Maintenance and Troubleshooting
Responsible for routine application maintenance tasks.
Create requirements and procedures for implementing routine maintenance.
Diagnose and resolve complex issues in production environments, contributing to high system availability and reliability.
Debugging software for optimum functioning
Reproducing and locating the source of reported bugs and issues.
Fix bugs and issues.
Communicate errors and solutions to product owners.
- Container Orchestration: Docker and Kubernetes.
- Cloud Platforms: Specifically AWS.
- Infrastructure As Code: Tools such as Terraform and Ansible.
- Kubernetes Package Manager: Experience with Helm Charts.
- CI/CD Tooling: Familiarity with Gitlab, Jenkins, CircleCI, among others.
- Penetration Testing Tools: Tools like Burp Suite, W3af, and Zed Attack Proxy.
- Vulnerability Assessment: Hands-on experience with tools like Nessus and Metasploit.
- System Monitoring: Tools including Datadog and New Relic.
- Cloud Security Posture Management: Knowledge of solutions such as Datadog, Prisma Cloud, and Aquasec.
- SIEM Tools: Familiarity with SIEM solutions like Datadog, Splunk, Log Analytics, Elastic, or Exabeam.