DevSecOps Engineer III (5+)
flutterinternational | 1 days ago | Gurgaon

Responsibilities

  • Participate in security reviews of new developments to ensure that released products comply with security requirements and industry best practice, Triage defects found and perform root cause analysis
  • Actively participate in compliance audits, vulnerability reviews and assessments, Undertake and support penetration testing and system reviews/audits
  • Lead Policy and Procedure development for systems security
  • Coach team to write secure code, and develop/implement secure systems and processes
  • Understand the Amazon identity management ecosystem holistically and create a secure infrastructure, Enforce compliance with IAM principals including least privilege access, password management, Audit logging, RBAC, deploy and maintain password management, user account lifecycle, certificate management and system authentication solutions
  • Engage with stakeholders and interested parties to ensure compliance, security and operational/functional requirements are met
  • Create and implement automated processes that reduce manual efforts and increase overall efficiency and scalability
  • Design a secure application release automation process to make security an integral part of the CI/CD pipelines.
  • Identify security tools and lead operationalization of solutions from POC to Production
  • improve Web App Firewalls (WAF), Ensure early Identification of intrusion & attacks and implement countermeasures
  • Implement security measures that monitor and protect sensitive data and systems from infiltration and cyber-attacks.
  • Work with cloud providers to obtain understanding of security controls, ensure controls are leveraged
  • Monitor security event of runtime environments, e.g. intrusion detection, API threat prevention, container runtime security
  • Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity
  • Maintain an understanding of the latest cyber-security threats and implement best practices for protection.
  • Act as a first-responder for security-related incidents.

Requirements

  • Overall 5+ years of relevant experience
  • Bachelor's degree in Computer Science or a related technical discipline, or equivalent practical experience.
  • Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, S3, CloudTrail, CloudFormation, CloudWatch, Cloud HSM, AWS Encryption SDK, RDS, ELB, AWS Route 53, CloudFront, SNS
  • Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization
  • Good understanding of Linux and Windows OS, TCP/IP protocol stack and networking fundamentals, and security principles at all layers of the OSI stack
  • Experience with API security, AWS cloud security, container security, network security, cryptography, PKI, certificate management,
  • Experience in CI/CD Tools Including Git, Jenkins, Ansible, or similar
  • Knowledge and experience in web application security testing, vulnerability assessment, penetration testing, and generating reports using tools like Burp Suite, Paros, AppScan, Wireshark, Nmap, and Nessus.
  • Experience in designing cloud-native security architectures applying defense in-depth strategies
  • Advanced Expertise in at least one scripting language, Shell scripting, and AWS CLI
  • Expert knowledge of container security (Docker/Kubernetes), Container security tools such as Twistlock and Aquatic
  • Experience with third-party cloud security tools
  • Experience with tooling and systems for a build, infrastructure automation, and monitoring
  • Extensive experience in information security and risk management
Official notification
Contact US

Let's work laptop charging together

Any question or remark? just write us a message

Send a message

If you would like to discuss anything related to payment, account, licensing,
partnerships, or have pre-sales questions, you’re at the right place.