Education & Experience
- Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree or relevant certifications are a plus)
- 5+ years of experience in DevSecOps, with 5+ years of hands-on experience with Jenkins pipelines and security scanning
- Proven experience in managing both development and operations automation
Technical Skills
- Expertise in developing Jenkins pipelines using Groovy to onboard applications onto CI/CD.
- Experience with build orchestration tools (Maven, Jenkins, CloudBees SDA)
- Strong knowledge of SAST (SonarQube) and SCA (Nexus IQ, Nexus Lifecycle, Nexus Firewall)
- Expertise in artifact repository management tools (Sonatype Nexus or JFrog Artifactory)
- Strong knowledge of AWS cloud and containerization tools (Docker, EKS)
- Strong knowledge in UNIX and shell scripting
- Proven expertise in troubleshooting complex issues, conducting root cause analysis (RCA), and standardizing resolution processes.
KEY RESPONSIBILITIES:
Security Champion & Culture
- Advocate for and educate development teams on security best practices, threat modeling, and secure coding techniques.
- Foster a culture of security as a shared responsibility across the organization.
- Lead security reviews and threat modeling sessions for new features and architecture.
Secure CI/CD Pipeline Management
- Design, implement, and maintain security gates and automated security checks within our CI/CD pipelines (e.g., SonarQube, Nexus IQ, and Tenable).
- Automate infrastructure compliance and security validation using tools like Open Policy Agent (OPA).
Container & Kubernetes Security
- Secure containerized environments (Docker, Kubernetes, EKS).
- Implement Kubernetes best practices (network policies, pod security standards/admission controllers, runtime security).
- Manage vulnerability scanning for container images throughout the development process.
Automation & Coding
- Own the end-to-end CI/CD strategy. Build, maintain, and optimize our pipelines to enable rapid, reliable, and automated deployments from commit to production.
- Implement advanced monitoring, logging, and alerting solutions to ensure high availability, diagnose issues, and optimize system performance. Define and report on SLOs and SLIs.
- Identify and eliminate toil. Automate everything from provisioning and configuration management (Ansible) to operational runbooks, freeing up the team to focus on high-value work.
- Provide technical guidance and mentorship to other engineers. Share knowledge, conduct brown-bag sessions, and help foster a culture of DevOps best practices across the organization.
- Engage with security team to implement security controls, manage secrets (Vault), ensure compliance, and shift left on security, making it an integral part of our workflow.
- Able to create an end-to-end release management workflow using JIRA. Integrate the DevOps tools CodeCommit, Jenkins, SonarQube, Nexus IQ, Nexus Repository, Ansible, and AWS for deployments.