DevSecOps Engineer
Company Details
Job Summary
- Junior Security Architect
- DevSecOps background
- 12 months Initial
The Role
DevSecOps Engineer, 12 month initial
- An experienced Junior Security Architect who has hands on Penetration Testing, DevSecOps experience ( 3 – 4 Years).
- MUST have qualifications in cyber security and preferable experience working as a junior security architect within large banks.
The candidate will perform the following functions as an individual assignment:
- Review solution designs & provide security solutions to ensure alignment to InfoSec standards, policies and organizational risk appetite.
- Applying up-to-date knowledge of threat modeling, risk assessment techniques, code & config reviews and current best practices treat & counter cybersecurity threats
- Responsible for securing hybrid cloud infrastructure & application deployment
- Identify & remediate gaps in DevOps processes
-Be involved in every stage in the software project lifecycle, from initial design and build to rollout and maintenance
-Experience with CI/CD tools, such as Jenkins, GitLab CI/CD, CircleCI, Puppet etc
-Experience Docker and Kubernetes etc.
-Ensure reduction in security-related build time delays. - Review efficacy of security controls and treat findings.
- Ensure information systems are under appropriate control from an information security point of view including maintaining compliance with PCI-DSS, ISO 27001, NSW & Australian Government standards.
- Ensure alignment to security guard rails.
- Collaborate with, and provide guidance to, service providers / internal teams to ensure timely and effective delivery of security services and outcomes.
- Assist in delivery of tactical and strategic security and risks management programs.
- Represent the Security and Risk team within the organization, its service providers and related parties.
- Assist in the development of security policy, standards and processes
- Manage the dependencies and the interfaces between projects
- Implement program and project governance arrangements
- Assist with development of security program strategy
- Monitor and respond to issues at the project and program level as needed
- Escalate decisions to sponsor and/or program advisory board as necessary
- Manage relationships with internal and external stakeholders, including vendors, with respect to Program delivery
- Control of documentation quality including program health checks when needed
- Provide input into individual project content and provide advice and mentoring as required
The Person
- Demonstrable and comprehensive experience in stakeholder management involving stakeholders at all levels of the organisation
- Strong understanding of full system life cycle, its typical phases, the deliverable within the phases
- Understanding of process improvement methodologies, related concepts, and frameworks
- Outstanding ability to analyse, isolate and interpret business needs and develop appropriate requirements specifications