Job Title: DevSecOps Engineer

Designation: DevSecOps Engineer

Reports to: Chief Information Security Officer (CISO)

Location: Remote

Shift: Standard (09:00 AM to 06:00 PM) from Monday to Friday

Position Overview

The DevSecOps engineer is an advanced role to help support, secure, manage and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, software and various operating systems. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment. The DevSecOps engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. At times, the DevSecOps engineer acts as a liaison with business stakeholders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times. The DevSecOps Engineer is responsible to develop and implement DevSecOps as a service offering to the enterprise and customers.

DevSecOps engineers have a strong work ethic, perform analytical and critical thinking, and are masterful at meeting change requests on demand. They are expected to work well with business units and possess superior listening and communication skills, in addition to expected technical expertise. In tandem with security and technical leadership, and with multi-disciplinary departments, DevSecOps engineers embody security-first principles, constantly assess the threat landscape and adapt quickly to manage enterprise risk, as well as integration and deployment requirements. 

Roles and Responsibilities

1. Lead the development and implementation of DevSecOps practices within the company and extend them as a customer service, integrating security, development, and operations for secure and efficient software delivery.
2. Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments.
3. Supervise testing and validation in application security controls across projects.
4. Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
5. Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
6. Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
7. Build services and tools to enable developers and engineers to easily use security components produced by application security team members. 
8. Simplify automation that applies security inter-workings with CI/CD pipelines.
9. Enrich DevOps architecture with security standards and best practices.
10. Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle with risk assessments, architecture reviews and threat modeling.
11. Identify vulnerabilities in code through automated and manual assessments (SAST, DAST, IAST, RASP, and SCA tools), and promote quick remediation.
12. Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
13. Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.  
14. Join forces and provision security principles in architecture, infrastructure and code. 
15. Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline.
16. Partner with teams to define key performance indicators (KPIs) and metrics across business units.
17. Share lessons and takeaways from engagements to improve practice competencies.
18. Openly support the organization, management and executive leadership team always.
19. Perform other duties as assigned.

Skills and Qualifications

• Task Related skills and Certifications 

1. Bachelor’s degree in Computer Science, Information Technology, or a related field.
2. Five to Seven years’ experience in information technology, information security administration or security operations. 
3. Three or more years of experience in cybersecurity with a product and application security engineering background.

• Competencies and Soft Skills 

1. Experience with SCA, SAST, DAST, IAST and RASP.
2. Experience with public cloud providers (AWS, Azure, GCP).
3. Proficient in securing Windows and *nix operating systems, endpoint applications, networking protocols and devices.
4. Experience with container security, such as Docker and Kubernetes.
5. Knowledge of CI/CD platforms, such as Jenkins and CircleCI.
6. Experience building prototypes of tools and exploits, as well as conducting vulnerability and penetration tests.
7. Proficiency in software development (Java, Rust, Golang, Python, C++, Ruby, etc.).
8. Experience with security requirements for APIs.
9. Knowledge of General Data Protection Regulation (GDPR), Payment Card Industry (PCI), National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
10. Preferable to have one or more of the following certifications: GWAPT, GWEB, GCSA, CISSP, CSSLP 
11. Exceptional project management skills and capable of managing complex and lengthy engagements.
12. Aptitude for technical writing, combined with outstanding business acumen and communication skills.
13. Effective presentation skills, capable to delivering findings, risk and recommendations to stakeholders.
14. High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
15. Written and verbal proficiency in English and Nepali languages.

Note: The job description indicates general expected responsibilities and requirements and may be subject to revision based on Genese Solution’s evolving needs.

What We Offer

• 5 working days a week (09:00 am-06:00 pm)
• Multinational company located in the UK, Australia, Nepal, Bangladesh, Pakistan, Finland, USA and India
• Best-in-class work environment with friendly team members (refreshment, recreational, team building activities)
• Exposure to team management and leadership
• Opportunity to travel to other countries as part of training and development
• Work in multidisciplinary areas in a start-up ecosystem

How to apply?

Suitable candidates meeting the above criteria are requested to send their CV and cover letter to hr@genesesolution.com 

Only shortlisted candidates will be invited for the further selection process. You are requested to clearly mention the position you are applying for in the subject of the email. 

OR

Apply Now