Next job

DevSecOps Engineer in Intellias

Posted more than 30 days ago

3 views

Intellias

Intellias

0
0 reviews
Without experience
Full-time work
Пряме повідомлення учасника, який розмістив вакансію, з Intellias Tatyana Rudchenko What’s it like to work at a company where people are the biggest
Пряме повідомлення учасника, який розмістив вакансію, з Intellias Tatyana Rudchenko What’s it like to work at a company where people are the biggest value? With more than 3 200 employees on board, Intellias cherishes a human-to-human culture. Get on board and enjoy working in a really caring and friendly environment!We are seeking a highly skilled DevSecOps Engineer to join our security team. The ideal candidate will have a strong background in both development and security practices, with extensive experience in Azure, Azure DevOps, AWS services, and industry compliance standards such as ISO/IEC 27001, GDPR, and NIST. The DevSecOps Engineer will be responsible for integrating security into the development and operational processes, ensuring that our infrastructure is secure, resilient, and compliant with industry standards. Additionally, the role will involve performing DevOps tasks for our internal products to enhance our development efficiency and product reliability.Requirements:Strong practical experience in implementing DevOps and Secure SDLC principles, development and testing automation, source code analysis, application security testing, container security, secret management, open-source and supply chain security, cloud environment hardening.Deep knowledge of core security principles and processes, such as security-by-design, security-by-default, threat modeling, risk management, vulnerability and patch management, incident response, encryption.Up-to-date practical knowledge of application and cloud security standards and frameworks, such as OWASP Top 10, DSOMM, SAMM, BSIMM, MSDL, CIS, CSA CCM, CSA STAR, MITRE ATT&CK.Strong knowledge of security frameworks and standards, particularly ISO 27001 and ISO 27017.Strong understanding of automation tools, programing and scripting languages (bash, PowerShell, Python, Java etc.).Strong practical experience in installing, configuring and implementing of the following software and technologies or similar:Azure DevOps, Bamboo, Jenkins.Terraform, Ansible, Chef Automate.AWS CloudFormation, Azure Resource Manager.AWS and Microsoft Azure services (IAM, Security groups, EC2, Microsoft Entra, CloudTrail, etc.).SAST tools (SonarQube, SonarCloud).DAST tools (Burp Suite, Acunetix, Checkmarx, Veracode, OWASP ZAP).Threat modeling tools (OWASP Threat Dragon, Microsoft Threat Modeling Tool).GitHub, GitLab, Bitbucket.Jira, Trello.Docker, Kubernetes.Ubuntu, Debian, CentOS.Any test automation software.Knowledge of network security, identity and access management, and data protection.Excellent problem-solving skills and the ability to work under pressure.Strong communication and collaboration skills.English upper-intermediate.Preferred Qualifications:Relevant certifications such as CISSP, CISM, CEH, or Azure Security Engineer Associate.Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).Familiarity with compliance standards such as ISO 27001, ISO 27017, TISAX.Experience with security information and event management (SIEM) solutions.Responsibilities:Collaborate with development, operations, and security teams to design, implement, and manage secure development practices and infrastructure.Integrate security tools, standards, and processes into the DevOps pipeline, including SAST, DAST, and RASP tools.Conduct security assessments and code reviews for backend, frontend, and infrastructure as code to identify and mitigate potential vulnerabilities.Oversee security and risk assessment activities and coordinate the internal team to ensure task completion.Automate security controls, data, and processes to provide improved metrics and operational support using CI/CD tools like Jenkins and GitLab CI/CD.Support Security team in maintenance and development of security monitoring, logging, and alerting solutions, utilizing tools such as Splunk and the Zabbix.Ensure compliance with relevant security standards and regulations, such as ISO/IEC 27001, GDPR, and NIST.Provide guidance and training to development teams on secure coding and DevSecOps best practices.Respond to security incidents and provide post-incident analysis and reporting, following a structured incident response plan.Stay up to date with the latest security trends, tools, and technologies, incorporating them into our practices where appropriate.Design, implement, and manage CI/CD pipelines for internal product development to ensure efficient and reliable deployments.Collaborate with internal development teams to streamline the build, release, and deployment processes.Monitor and maintain the performance, availability, and reliability of internal product infrastructure.Implement and manage infrastructure as code (IaC) practices to automate the provisioning and management of internal product environments.Ensure proper configuration management and version control for internal product deployments.Assist in the troubleshooting and resolution of production issues related to internal products.Provide support for the development, testing, and production environments of internal products.Continuously evaluate and implement new DevOps tools and practices to improve the internal product development lifecycle. Show more Show less Посадовий рівень Старший середній рівень Тип зайнятості Повний робочий день Посадові обов’язки Інженерія Галузі Інженерні послуги
Without experience
Full-time work
Want to get related jobs?
New job openings in your Telegram
Subscribe
We use cookies
accept