This job offer is not available in your country.

Jr. DevSecOps Engineer

Corporation Service CompanyBangalore, Karnataka, India

20 days ago

Job description

Role : DevSecOps Engineer

Location : Bangalore

Working Hours : 12-9PM

Working Model : Hybrid

Intro :

As a DevSecOps engineer, you will provide technical leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Infrastructure As code for Cloud Resource Provisioning, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.

Some of the things you will be doing :

Familiarity with DevSecOps ecosystem : Terraform, Ansible, GitHub, Jenkins, Azure DevOps, SAST, DAST & SCA
Terraform, Ansible and AWS, Azure Architecture, Network and Security Certifications.
Familiarity with API Security, Container Security, AWS and Azure Cloud Security
Knowledge of Cloud Resource Provisioning, Cloud Network and Architecture, Cloud Standards and Policies.
Experience with AWS and Azure Policy, Configuration, and Security Management tools.
Experience with security automation, Cloud resource provisioning.
Expertise in programming and scripting languages like Python, NodeJS, SQL query, bash, powershell, and Java.
Experience with Vulnerable Code remediation.
Experience with Vulnerability Management and executive reporting using PowerBI.

What technical skills, experience, and qualifications do you need?

Prior experience (3-5 years) in a Production Engineering or related position.

Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote / implement the DevSecOps program throughout the organization.

Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (SAST, DAST, IAST etc).

Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.

Capability to prepare security vulnerability and risk management reports for management.

Leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes.

Experience generating and providing executive reports for vulnerability management across DevSecOps Security Products.

Proficiency in Java Programming, Bash, Powershell, Python, Terraform or other scripting languages.

Familiarity with Information Security frameworks / standards (. CIS, NIST, RFC2196, etc).

Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.

Experience configuring, implementing, and leveraging computer security and networking diagnostic / monitoring tools.

Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)

Ability to work with APIs and Plugins to integrate security tools into established CI / CD pipelines.

Support code reviews across all code platforms

Manage security integration into the SDLC process at CSC

Help evolve CSC’s application security functions and services

Responsible for Security bug intake and remediation process for CSC

Responsible for leading the remediation of application vulnerability scanning and penetration testing

Manage integration with Static Application Security Testing (SAST) Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Infrastructure as a Code (IaC) scanning, Secret Scanning, and Container Image scanning.

Identify security exposures and develop mitigation plans

Identify, report and fix technical debt.

Assist Manager of Application Security on all application security activities

Become a representative for the CSC Information Security program

Be productive and participate in security initiatives with minimal supervision.

Becomes a subject matter expert for security solutions within the CSC platform, knowledge of SANS 25 and Owasp Top 10.

Be able to act as a mentor for junior dev, devops and security engineers

Use the tools and technologies used throughout CSC InfoSec.

Own and document medium / large epics and follow through until completion.

Present security solutions to a larger CSC audience.

Troubleshoot issues and performance bottlenecks.

Follow Security best practices.

Collaborate with cross functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks.

Participate in requirement gathering with Product / SRE / InfraServices.

Collaborate with cross Business Unit teams (CLS, DBS, Corp Tax, TBS) on implementing standardized security solutions and integrations.

Participate in inner sourcing / procurement initiatives within CSC.

What technical skills, experience, and qualifications do you need?

Strong experience with BI Design and Development for Vuln. Mgmt

BE / BTech Degree

Strong experience in distributed platform development and design

Strong foundation in core information security principles and goals.

Proven expertise in enterprise security solutions.

Knowledge on common and emerging security threats.

In-depth knowledge of security best practices.

Ability to assist in leading the InfoSec team

Exceptional analytical aptitude and attention to detail.

Ability to lead and project drive multiple security initiatives.

Excellent communication skills.

Ability to explain complex security topics in simple language

Ability to work with Senior Leadership.

Fast learner / A strong willingness to learn.

Good team player who is self-motivated and well organized.

Create a job alert for this search

Engineer • Bangalore, Karnataka, India