DevSecOps Engineer

Incorporate secure software development from architecture to deployment and maintenance based on DevSecOps framework.

Develop secure software development process and train the developers.

Design & implement secure software development life cycle solutions based on various tools

Contribute to tool process evaluation, selection, and recommendation internally.

Provide advisory to IT & developers

Participate in execution of training programs for different teams

Define secure software development life cycle.

Define applications security architecture elements

Define documentation of security requirements for applications (web, mobile, host, SOA, etc.).

Experience

Candidate must have 6-10 years experience with SW development, DevSecOps (4 yrs experience)

Secure SLDC and Application Security Testing; has a passion for Security, Agile, and DevOps.

Experience in management and definition of security in the software development lifecycle (SDLC)

Working knowledge of Waterfall, Agile, and primarily DevOps development methodologies

Experience in software development and SDLC in Java, Python, C#, etc

Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Team City, etc

Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis)

Understanding or virtualization and container technologies (Docker, Kubernetes, OpenShift)

Experience with OWASP Testing Guide v3/4 and OWASP TOP 10

Experience In Web And/or Mobile Applications And Common Vulnerabilities

Communications skills including the ability to understand client process in any area in detail

Excellent coordination and communication skills

Education

Graduate/postgraduate in any discipline.

Certifications from pentesting vendors (OSCP, CEH,) are preferred

SAST & DAST tools related education and certificates are beneficial