DevSecOps Engineer (Azure)
DevOps
DevSecOps Engineer (Azure)
Wrocław
Type of work
Undetermined
Experience
Senior
Employment Type
B2B
Operating mode
Remote
Tech stack
Azure
Docker
Kubernetes
Terraform
Ansible
Jenkins
English
Powershell
Job description
Online interview
Responsibilities:
- Build relationships with stakeholders and service leaders to incorporate security principles into engineering design and employments
- Supervise implementation, testing and validation of Azure security controls across projects
- Oversee implementation of defensive configurations and countermeasures across cloud infrastructure and applications
- Draft and uphold Secure SDLC strategy and practices in tandem with other technical team leads
- Recommend services and tools to enable developers and engineers to easily use security components produced by application security team members
- Simplify automation that applies security inter-workings with CI/CD pipelines (Azure Pipelines and Github Actions)
- Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle including threat modeling and developer IDE security features.
- Assist prioritization of vulnerabilities identified in code through automated and manual assessments and promote quick remediation
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging
- Join forces and provision security principles in architecture, infrastructure and code
- Enrich DevOps architecture with security standards and best practices, promote baseline configuration and work to reduce drift
- Partner with teams to define key performance indicators (KPIs), key risk indicators (KRIs) and distribute useful program metrics across business units
- Perform other duties as assigned
Requirements:
- At least 7+ years’ experience in information technology, information security administration or security operations
- Experience working with development and infrastructure teams in agile workflows, including Scrum and Azure DevOps
- Understanding of containerized computer (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)
- Understanding of CloudFormation, Terraform, Ansible and Jenkins
- Proficient in securing Windows and *nix operating systems, applications, networking protocols and devices under a baseline requirement framework
- Experience with operations and security across Amazon Web Services (AWS) and Google Cloud Platform (GCP) with specific concentration with Azure
- Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous testing and implementation
- Capable of scripting in Python, Bash or PowerShell
- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC) and how to balance the recommendations of each against business priorities
- Knowledge of Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), National Institute of Standards (NIST) or Center for Internet Security (CIS) control requirements
Our offer:
- Workplace: 100% remote
- MultiSport Plus
- PZU group insurance
- Medicover Premium
- e-learning platform
Check similar offers
