DevSecOps Security Engineer

19 مارس، 2023

0 0 3 دقائق

الوصف الوظيفي

Job Description

Our Mission is to Simplify Life. We are looking to Simplify and automate complex decision-making for customer centric industries, like Utilities, Financial Services, Logistics, and commerce, that drive the world's economies and you have the chance to join the revolution. We are trying to solve huge challenges in today's enterprise that are directly impacting the employee and customer experience.

What can we promise you:

You’ll join a global family of awesome, passionate people that are working together to build a sustainable, scalable ecosystem committed to using logic to create a better experience.
We want you to help us become better. You will be empowered to drive change and innovate.
That we will invest in you. We will give you the opportunity to master your domain and drive excellence.

Main Objective of the Position:

The DevSecOps Engineer – Security Engineer is responsible for implementing the latest technologies to support Avertra’s IT security framework and ensuring that Avertra’s security program is carried out across the organization.

Main Job responsibilities:

Ensure that our development considers the latest thinking, patterns in software security development and best practice – providing recommendation, with user stories
Ensure that capabilities are deployed through a continuous development pipeline with security requirements satisfied at the time of deployment
Engineer solutions on AWS, Azure DevOps, and Google Cloud Platform (GCP) using Infrastructure-As-Code methods such as Terraform and Ansible
Work with the DevOps and engineering teams to create effective CI/CD implementations, helping to configure and maintain them
Setting up scans and continuous monitoring
Defining hardening controls and security policies for Kubernetes and docker
Hands on experience with Kubernetes, docker, AWS EKS and ECS
Setting up secure CI/CD pipelines for scanning of images and docker registries
Help with the release management of new software into the production platform
Researches emerging threats and vulnerabilities to aid in the identification of incidents
Generates reports on assessment findings and summarizes to facilitate remediation tasks to the technical and management teams
Plans, develops, and executes vulnerability scans of organization’s projects in the Software Development Life Cycle (SDLC)
Recommends security controls and/or corrective actions for mitigating software and architecture vulnerabilities
Good understanding of RBAC (Role based Access Controls) principles
Good understanding of Security by Design and Privacy by Design principles
Produces vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
Perform periodic security and compliance related reviews and audits on software lifecycle and measuring against different regulations such as ISO, NIST, SOC, HIPAA

المهارات

Needed competencies:

Knowledge of OpenShift, Kubernetes, and Docker
Experience with AWS, Azure, and/or Google Cloud
Knowledge of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools
Experience with CI/CD pipeline tools such as Ansible, Jenkins, GitLab/ GitHub and Artifactory or Nexus
Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes would be a plus
Familiarity with security policy, configuration, and security management tools
Experience with security automation and machine learning
Ability to assess, select and successfully deploy appsec tools across multiple domains.
Ability to speak and write clearly and accurately

Education:

Bachelor's degree in Engineering, Cyber Security, Computer Science or a related technical discipline with 3+ years of experience with development and security

Experience:

At least 3 years of experience in IT Security, Controls, or Auditing
Knowledge of OpenShift, Kubernetes, and Docker
Experience with AWS, Microsoft Azure, and/or Google Cloud
Knowledge of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools
Experience with CI/CD pipeline tools such as Ansible, Jenkins, GitLab/ GitHub and Artifactory or Nexus
Hands-on experience using VeraCode, SonarQube, a plus
Knowledge of Windows and Linux security and patch management
At least 2-3 years of experience in the Application Development (DevOps)
At least 1 year of experience in Application Security Testing

Knowledge, Skills and Abilities:

Excellent English
Able to interact with internal and external customers remotely via phone or conference system
Must possess a minimum of intermediate skill level with MS, Word, Excel and PowerPoint
Knowledge of relevant software computer applications and systems
Effective listening skills
Multi-tasking capabilities

Preferences:

SAST & DAST tools related education and certificates are beneficial

Travel:

Up to 15%

Work Schedule:

Per Jordan office work schedule