Hello, Hope you are doing good.
We have an immediate opening for the below position, kindly let me know your interest with your updated resume at *[email protected] <[email protected]>*. *Skill Set* *Is Remote Ok* *JD* DevSecOps Engineer Remote is Ok * To be the evangelist towards ‘security by design’ / ‘security as code’ / 'Shifting Left’ to help Metapack’s journey from a DevOps to a DevSecOps culture. The role sits within the infosec team which is part of the larger R&D Tech function who work at scale, pace and with the latest architecture patterns and tech. We have a flat and open engineering culture where data, & evidence beats opinion and hierarchy, backed by honest and frank discussions. We passionately believe in forming autonomous, cross functional teams who are empowered to deliver our ambitious strategy. What would I be doing? Leading and Implementing required Security Tooling for securing our SDLC (SAST, SCA, DAST) Working with Teams to secure their Applications and Service (ie API security) Developing the automation of security and compliance capabilities in support of DevOps processes (SDLC) Implementing security features and monitoring tools, performing periodic security assessments Being part of the internal Infosec / cyber security incident process - investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures Managing the development, refresh and implementation of policies, standards, guidelines and procedures related to DevSecOps and Cloud Security Building relationships with all staff to promote “Security by Design” throughout the Engineering Teams What key skills and experience do I need? As a trusted technical authority within Security engineering for Application Security who can demonstrate and apply the following; Detailed technical knowledge of vulnerabilities, threats, attack methods and infection vectors with SDLC General development knowledge: At a high-level how an engineer builds and deploys code from their IDE through the pipeline and to production. Of a typical pipeline build (Jenkins or TeamCity) and therefore can advise teams on how to implement steps to automate security tools ie Static Application Security Testing (SAST) or Software Composition Analysis (SCA) as part of the build Able to review basic HashiCorp Terraform Syntax and advise engineering teams on how to secure and deploy their Terraform code. Experience of running “Threat Modelling” for teams and products with reference to secure engineering principles, and standards (eg OWASP\CIS\NIST) Able to balance the demands of delivering high quality and demanding timescales. Hold yourself accountable to delivering on your commitments. Your every action demonstrates that collaboration is the best way to deliver awesome products. It would be great if you also could bring Knowledge of code training platforms ie Secure Code Warrior Willing to attend conferences, webinars and meet-ups and share the learning. Experience of using automation to solve complex problems A desire to constantly challenge the norm* *Bharat Chhibber | Sr. Technical Recruiter* *Direct: 919 626 9615 | EMAIL [email protected] <[email protected]>* -- You received this message because you are subscribed to the Google Groups "Android Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/android-discuss/CAEmgVe3W6LvPAGJ9DpeZWhh327dQcSVX0%2Bt6n-n-orSZLJU0Dw%40mail.gmail.com.
