Senior DevSecOps Engineer

Position

We are seeking a skilled and motivated Senior DevSecOps Engineer to join our team. The successful candidate will be responsible for initiating security awareness in code development and deployment, as well as providing robust security solutions through various security-oriented tools. This role is crucial to maintaining the integrity, confidentiality, and availability of our applications and data across our extensive cloud infrastructure.

What you will do

·    Security Awareness & Training: Develop and implement security training programs for development and operations teams to promote best practices in secure coding and deployment.

·   Security Policies & Procedures: Establish and enforce security policies, standards, and procedures that align with industry best practices and regulatory requirements.

·   Vulnerability Management: Conduct regular security assessments, vulnerability scanning, and penetration testing to identify and mitigate security risks.

·   Incident Response: Lead and coordinate response to security incidents, ensuring quick resolution and thorough investigation to prevent recurrence.

·   Cloud Security Architecture: Design and implement secure cloud architectures, including network security, identity and access management, and data protection strategies.

·   DevSecOps Integration: Integrate security tools and practices into CI/CD pipelines to automate security testing and ensure secure code deployment.

·   Monitoring & Logging: Set up and maintain security monitoring and logging solutions to detect and respond to potential security threats in real-time.

·   Compliance: Ensure compliance with relevant legal and regulatory requirements, such as GDPR, and others applicable to Codeway’s operations.

·   Collaboration: Work closely with DevOps, product teams, and other stakeholders to embed security into every stage of the software development lifecycle.

What you will bring

·   Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

·   Minimum 5-8 years of experience in cloud security engineering or a related role.

·   Proven experience with public cloud platforms (Google Cloud, AWS).

·   Strong understanding of Kubernetes security.

·   Demonstrated experience in mobile application security, including securing mobile APIs, OWASP Mobile Top 10 risks, and mobile secure development practices.

·   Familiarity with security tools and platforms (e.g., SIEM, IDS/IPS, vulnerability scanners), with the ability to support their integration and follow up on findings in collaboration with relevant teams.

·   Certifications (Nice to have): Relevant certifications such as CISSP, CISM, CEH, or cloud-specific certifications like AWS Certified Security - Specialty, Google Professional Cloud Security Engineer.

·   Proficiency in scripting and automation (e.g., Python, Bash).

·   Deep understanding of network security, encryption, and key management.

·   Familiarity with DevSecOps practices and tools (e.g., Jenkins, GitLab CI, Terraform).

·   Excellent problem-solving and analytical skills.

·   Strong communication skills, with the ability to explain complex security concepts to non-technical stakeholders.

·   Proactive and self-motivated with a strong sense of ownership and accountability.

Nice to Have

·   Experience in AI and machine learning security.

·   Knowledge of data privacy regulations and best practices.

·   Experience with home-grown data analytics platforms.