Provide security techniques and expertise to ensure the infrastructure and software services meet specific customer security requirements/certifications
Collaborate with members of the team and
product owners to solve operational issues and develop enhancements such as automation.
Ensure applications stay compliant by integrating application and DevSecOps processes and CI/CD pipelines from early stages of the lifecycle.
Collaborate with team members on continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes.
Understand technical and business requirements to develop tactical and strategic roadmaps to address and implement Secure SDLC controls (Data Privacy, SAST, DAST, etc).
Bachelor Degree in information security, computer science.
Experience working in an Agile, DevOps/SecDevOps environment.
3+ years of experience working in
software engineering role.
2+ years of experience working in a Security role handling on premise and cloud infrastructures.
Experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments.
Minimum 3 years' experience with Authentication and Authorization solutions.
Experience with static code analysis for software or infrastructure as code, including SonarQube,Terraform.
Experience with vulnerability scanners, including Tenable Nessus, Qualys, ...
Understanding of secure software development practices - AppSec - Security and/or regulatory experience desired, OWASP 10 and Web Application Security, Mobile Application Security, API Security.
Good knowledge of threat modeling, risk assessment techniques, code reviews, and with the latest security best practices
Require good knowledge of CI/CD tools - Knowledge of GitLab CI/CD, Seleneoid, Jmeter, SoapUI, Junit
Require good knowledge in automatic configuration management tool - Knowledge of Ansible, Terraform
Require good knowledge of automated security tools - SAST, SCA, DAST, IAST
Good knowledge of containers and orchestration platforms. Need to know how to create, build, deploy and manage containers in development and production environments - Docker, Kubernetes.
Patterns/ Principles - Blue/Green Deployment - Canary Release, Feature Flipping
IDE: Eclipse, Visual Studio
Public Cloud services knowledge: AWS, Digital Ocean.
Knowledge of Logging & Monitoring tools: ELK, Grafana, DataDog, Prometheus.
Experience in developing integration APIs and WebServices (REST/SOAP), API Development
Experience, Knowledge of API Security
• 13th month salary, bonus project, gifts (New Year, birthday, 8/3, 1/6, 20/10..)
• Lunch allowance and parking free
• Team building, company trip
• Insurance after 2 months of probation, PVI insurance for some levels
• Training in work and fast-track your career path
• Working in a friendly and professional environment