DevSecOps

Requirements

• Experience in DevOps, DevSecOps, or application security.
  
• Knowledge of CI/CD pipelines (e.g., Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
  
• Experience with Infrastructure as Code (IaC) (e.g., Terraform, ARM, CloudFormation).
  
• Knowledge of containers and orchestration (Docker, Kubernetes).
  

• SAST (e.g., SonarQube, Checkmarx, Fortify).
  
• DAST.
  
• SCA.
  
• Container security scanning.
  
• Knowledge of cloud platforms (Azure, AWS, or GCP).
  
• Experience in vulnerability management and application security .
  

• Experience with Kubernetes security.
  
• Knowledge of OWASP Top 10 and secure coding practices.
  
• Experience with secret management (e.g., Vault, Azure Key Vault, AWS Secrets Manager).
  
• Experience with security monitoring and observability.
  

• Certified Kubernetes Security Specialist (CKS).
  
• AWS / Azure Security certifications.
  
• CSSLP or similar.
  

• Integrate security controls into CI/CD pipelines.
  
• Automate vulnerability analysis and security testing processes throughout the development lifecycle.
  
• Implement SAST, DAST, SCA, and container scanning tools.
  
• Collaborate with development teams to ensure adoption of secure coding best practices.
  
• Define and implement security policies in Infrastructure as Code (IaC).
  
• Monitor vulnerabilities in dependencies, libraries, and container images.
  
• Support the design of secure architectures for cloud applications and microservices.
  
• Implement secret and credential management mechanisms.
  
• Contribute to the automation of compliance and security checks in delivery processes.
  
• Collaborate with security teams in the response and mitigation of identified vulnerabilities.