DevSecOps Consultant
DevOps
DevSecOps Consultant
Experis Manpower Group
Wrocław
Type of work
jobType.Undetermined
Experience
Mid
Employment Type
B2B
Operating mode
Remote
Tech stack
Docker
Kubernetes
Terraform
Jenkins
Security
Job description
Online interview
Responsibilities:
- Performing security architecture reviews of applications in design and production phases
- Identifying security recommendations, potential threats and attacks to applications systems through threat modeling and vulnerability assessment
- Conducting assessments of applications and platforms (web, cloud, mobile) using range of manual and automated source code review techniques
- Integrating application security tools and process in automated pipelines
- Working with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment
- Participating in market facing activities. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members
- Resolving and reviewing resolution of security vulnerabilities as needed
- Improving secure coding practices, application security requirements, automation, training and metrics
- Maintaining an active understanding of industry practices for secure software development
- Working with application development teams to refactor or create security solutions
- Monitoring & Logging and Site Reliability
Experience and skills:
- Experience in performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools
- Experience in performing security architecture/threat modeling
- Experience in evaluating application security programs for clients and developing key elements of the program as part of the enhancement process and developing internal vulnerability assessment and management processes
- Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
- Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
- Containers (Docker, Kubernetes, etc.)
- Infrastructure as code (Chef, Terraform, etc.)
- Continuous integration (Jenkins, etc.)
- Integration of Security testing tools into pipeline
- Defect tracking (Jira, Bugzilla, ServiceNow etc.)
- Source code management (GitLab, GitHub, BitBucket, etc.)
- Developing enterprise applications or scripts for security testing (security as code)
- Cloud environment (AWS, Azure, GCP) and various Unix-like distributions
- Must have experience in the following:
- Certifications relevant to the role
- Knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus
- Experience in programming or scripting languages
- Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems
- Knowledge of security monitoring, prevention and control systems including anti-virus, web proxies and security software
Nice to have:
- Diploma or Degree in Computer Science, Software Engineering or related discipline with 3+ years’ of overall experience
- Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common Cloud authentication patterns
- Cloud/DevOps Certification (MS Azure/AWS/GCP)
Offer:
- Workplace: 100% remote
- MultiSport
- Manpower Premium platform
- PZU group insurance
- Medicover