Deel

DevSecOps Engineer

Deel

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Job Level

Mid-LevelSenior

Tech Stack

CloudDockerJavaScriptKubernetesPythonTypeScript

About the role

  • Security Automation: Develop and maintain automated security tools and processes to identify vulnerabilities, perform code analysis, and conduct security testing. This includes integrating security scanners, static code analysis tools, and vulnerability assessment tools into the CI/CD pipeline.
  • Secure Infrastructure: Work with infrastructure and operations teams to design and implement secure cloud infrastructure, network architecture, and deployment processes. This involves ensuring proper access controls, encryption, and monitoring are in place.
  • Continuous Monitoring: Implement security monitoring tools and processes to proactively identify and respond to security events and anomalies. This includes log analysis, intrusion detection, and system monitoring.
  • Secure Coding Practices: Promote and enforce secure coding practices within the development teams. Provide guidance on secure coding techniques, code reviews, and security testing methodologies.
  • Collaboration and Communication: Foster collaboration and communication between development, operations, and security teams. Act as a liaison to ensure that security requirements are understood and integrated into the development process.
  • Compliance and Auditing: Assist in compliance assessments and audits to ensure adherence to regulatory requirements and industry standards. Collaborate with auditors and provide necessary documentation and evidence of security controls.

Requirements

  • 3+ years of relevant DevOps, SecOps, DevSec work experience in Production environments
  • Software Development: Basic programming skills and experience with software development practices is desired. Understanding languages like JavaScript, TypeScript, Python and concepts such as version control (Git), continuous integration/continuous delivery (CI/CD) pipelines
  • Security Knowledge: Familiarity with security principles, standards, and best practices is essential. This includes knowledge of common security vulnerabilities (e.g., OWASP Top 10), secure coding practices, encryption, authentication, access control, and security testing methodologies.
  • DevOps Practices: Proficiency in DevOps methodologies and tools is important. This involves understanding CI/CD pipelines, infrastructure automation (e.g., using tools like Docker, Kubernetes), configuration management, and monitoring/observability practices.
  • Risk Assessment and Mitigation: The ability to assess risks and apply appropriate security controls is crucial. Understanding threat modeling, risk assessment techniques, vulnerability management, and incident response planning can help identify and mitigate security risks effectively.
  • Collaboration and Communication: DevSecOps requires effective collaboration and communication skills. You should be able to work closely with cross-functional teams, including developers, security professionals, and operations personnel, to promote security practices and integrate security seamlessly into the development process.
  • Automation and Tooling: Proficiency in automation tools and technologies is beneficial. Knowledge of tools like security scanners (e.g., SAST, DAST), vulnerability management systems, log analysis tools, and security-focused frameworks can help automate security processes and improve efficiency.
  • Security Certifications: Obtaining relevant security certifications, such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP), can enhance your credibility and demonstrate your commitment to security practices.