Talent.com
DevSecOps

Confidential, Mumbai
1 day ago
Job description
  • Compliance and Governance
    • Compliance Standards:
      • Ensure adherence to GDPR, HIPAA, PCI DSS, and other standards.
      • Maintain audit trails with AWS CloudTrail and Bitbucket Activity Logs.
  • Vulnerability Assessment, Penetration Testing (VAPT), and Hardening
    • Assessments: Perform regular vulnerability assessments on AWS resources using tools like AWS Inspector, Nessus, or Qualys.
    • Service Hardening: Apply AWS best practices to secure services like EC2, RDS, and S3.
    • Encryption: Implement encryption in transit and at rest using AWS KMS and SSL/TLS.
  • Infrastructure Security
    • Cloud Security:
      • Use AWS services (Security Hub, GuardDuty, CloudTrail) and GCP tools (Security Command Center, IAM) to harden cloud environments.
      • Automate infrastructure deployment with Terraform or AWS CloudFormation, ensuring security best practices.
      • Scan IaC using Checkov, Terrascan, or AWS Config Rules.
  • Application Security
    • SAST and DAST:
      • Perform SAST during development to identify vulnerabilities early.
      • Conduct DAST in staging or production using tools like Burp Suite, OWASP ZAP, or AppScan.
    • Android Security:
      • Test Android apps using tools like MobSF, QARK, or Drozer.
      • Ensure compliance with OWASP MSTG standards.
  • Ethical Hacking and Ransomware Testing
    • Ransomware Simulation: Simulate ransomware attacks to test recovery capabilities and data resiliency.
    • Ethical Hacking: Perform ethical hacking exercises to assess system vulnerabilities and identify potential breaches.
  • Threat Analysis and Threat Modeling:
    • Conduct regular threat analysis to evaluate potential risks to cloud infrastructure and applications.
    • Create and maintain threat models for applications, services, and infrastructure to identify attack vectors and mitigation strategies.
    • Use tools like Microsoft Threat Modeling Tool, OWASP Threat Dragon, or custom modeling techniques to identify and prioritize risks.
  • CI/CD and Code Security
    • Secure Pipelines:
      • Integrate Bitbucket Pipelines with AWS services for secure deployments.
      • Automate security checks at each pipeline stage:
        • SAST (Static Application Security Testing): Use tools like SonarQube.
        • DAST (Dynamic Application Security Testing): Use tools like OWASP ZAP or Burp Suite.
        • Dependency scanning using tools like OWASP Dependency-Check.
        • Container security scanning for Docker images.
    • Code Scanning:
      • Use Bitbucket Code Insights for integrated security scan results in PRs.
      • Monitor repositories for exposed credentials or sensitive data.
      • Automate IaC scanning with tools like Checkov.
  • WSO2 API Manager Responsibilities
    • API Security:
      • Secure APIs with OAuth2, JWT tokens, and mutual TLS.
      • Implement rate-limiting and throttling to prevent abuse.
      • Integrate APIs with AWS Cognito or other identity providers for authentication.
  • Monitoring and Incident Response
    • Monitoring:
      • Use AWS CloudWatch, GuardDuty, and Bitbucket monitoring features.
      • Configure proactive alerts using PagerDuty or Slack for Bitbucket Pipelines.
    • Incident Response:
      • Automate incident response workflows using AWS Systems Manager or AWS Lambda.
      • Conduct regular incident response drills.
  • AWS IAM (Identity and Access Management)
    • Policy Design: Create and enforce least privilege access policies.
    • Audits: Conduct regular audits of IAM roles, groups, and policies to ensure compliance and security.
    • Federated Identity: Configure and manage federated identity with external IdPs (e.g., Okta, Azure AD).
  • Bitbucket Roles and Responsibilities
    • Version Control Security:
      • Manage repository access using roles (Admin, Developer, Read-Only).
      • Enforce branch protection rules for PR reviews.
      • Secure sensitive data using Bitbucket Pipelines environment variables.
    • CI/CD Pipeline Integration:
      • Integrate Bitbucket Pipelines with security tools like SonarQube or Checkmarx.
      • Automate dependency vulnerability checks.
      • Use pre-commit hooks for code quality and security validation.
Job Requirement

Key Tools and Technologies (Category: Tools)

  • Compliance and Governance: GDPR, HIPAA, PCI DSS / AWS CloudTrail and Bitbucket Activity Logs
  • Vulnerability Assessment, Penetration Testing (VAPT), and Hardening: VAPT
  • Infrastructure Security: AWS services
  • Application Security: SAST / DAST
  • Ethical Hacking and Ransomware Testing: ransomware attacks / system vulnerabilities
  • Threat Analysis and Threat Modeling: applications, services, and infrastructure
  • Code Scanning: SonarQube, Checkmarx, OWASP ZAP
  • Source Control: Bitbucket, Git
  • CI/CD: Bitbucket Pipelines, Jenkins, GitLab CI/CD
  • Cloud Security: AWS Security Hub, GuardDuty, GCP Security
  • API Management: WSO2 API Manager, AWS API Gateway

Skills Required

CI/CD, API Management, Cloud Security, SAST, Threat Analysis, Ethical Hacking
