DevSecOps Engineer
Job Details
Employment Type
Full time
Industry
Information Technology
Salary
AED 18000 - 22000
Location
Dubai, United Arab Emirates
Job Posted Time
February 29, 2024
Job Description
Responsibilities:
- Collaborate with development, operations, and security teams to integrate security best practices into our DevOps processes and workflows.
- Implement and automate security controls and compliance checks throughout the development and deployment lifecycle.
- Design and implement secure CI/CD pipelines for building, testing, and deploying software, incorporating security testing tools such as SAST, DAST, and IAST.
- Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or Ansible, ensuring security best practices are followed.
- Automate security scanning and vulnerability management processes for applications, containers, and cloud resources.
- Implement and manage security monitoring, logging, and alerting systems to detect and respond to security incidents.
- Conduct security assessments and penetration testing of applications, infrastructure, and cloud environments.
- Ensure compliance with industry standards and regulations such as GDPR, HIPAA, PCI-DSS, and SOC 2.
- Provide guidance and support to development and operations teams on secure coding practices, security tools, and security best practices.
- Stay up-to-date with emerging security threats, vulnerabilities, and best practices, and implement appropriate measures to mitigate risks.
Qualifications:
- Bachelor's or Master's degree in Computer Science, Software Engineering, Information Security, or a related field.
- Proven experience as a DevSecOps Engineer or similar role, with a strong background in software development, operations, and security.
- Proficiency in scripting and programming languages such as Python, Bash, or Go.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform, including hands-on experience with security services and controls.
- Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI, and version control systems such as Git.
- Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible, and containerization technologies such as Docker and Kubernetes.
- Strong understanding of security principles, standards, and best practices, including OWASP Top 10, CIS Benchmarks, and NIST Cybersecurity Framework.
- Experience with security testing tools such as static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST) tools.
- Experience with security monitoring and logging tools such as SIEM, IDS/IPS, and security information and event management (SIEM) systems.
- Excellent problem-solving skills and the ability to troubleshoot complex technical issues.
- Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team environment.