DevSecOps Consultant
DevOps
DevSecOps Consultant
Wrocław
Type of work
Undetermined
Experience
Mid
Employment Type
B2B
Operating mode
Remote
Tech stack
Docker
Kubernetes
Terraform
Jenkins
Security
Job description
Online interview
Responsibilities:
- Performing security architecture reviews of applications in design and production phases
- Identifying security recommendations, potential threats and attacks to applications systems through threat modeling and vulnerability assessment
- Conducting assessments of applications and platforms (web, cloud, mobile) using range of manual and automated source code review techniques
- Integrating application security tools and process in automated pipelines
- Working with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment
- Participating in market facing activities. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members
- Resolving and reviewing resolution of security vulnerabilities as needed
- Improving secure coding practices, application security requirements, automation, training and metrics
- Maintaining an active understanding of industry practices for secure software development
- Working with application development teams to refactor or create security solutions
- Monitoring & Logging and Site Reliability
Experience and skills:
- Experience in performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools
- Experience in performing security architecture/threat modeling
- Experience in evaluating application security programs for clients and developing key elements of the program as part of the enhancement process and developing internal vulnerability assessment and management processes
- Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
- Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
- Containers (Docker, Kubernetes, etc.)
- Infrastructure as code (Chef, Terraform, etc.)
- Continuous integration (Jenkins, etc.)
- Integration of Security testing tools into pipeline
- Defect tracking (Jira, Bugzilla, ServiceNow etc.)
- Source code management (GitLab, GitHub, BitBucket, etc.)
- Developing enterprise applications or scripts for security testing (security as code)
- Cloud environment (AWS, Azure, GCP) and various Unix-like distributions
- Must have experience in the following:
- Certifications relevant to the role
- Knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus
- Experience in programming or scripting languages
- Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems
- Knowledge of security monitoring, prevention and control systems including anti-virus, web proxies and security software
Nice to have:
- Diploma or Degree in Computer Science, Software Engineering or related discipline with 3+ years’ of overall experience
- Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common Cloud authentication patterns
- Cloud/DevOps Certification (MS Azure/AWS/GCP)
Offer:
- Workplace: 100% remote
- MultiSport
- Manpower Premium platform
- PZU group insurance
- Medicover
Check similar offers
