Sr. DevSecOps Engineer

Related keywords: remote job software engineerengineer remote jobprogramming remote job

Job Overview

The position of Sr. DevSecOps Engineer involves focusing on strengthening application security and embedding modern DevSecOps practices across the development lifecycle. The role is pivotal in ensuring secure code and practices are integrated at every level of software development, making it essential for a technology-focused organization like NTD Software.

Key Responsibilities

In this role, you will:

• Identify, assess, and remediate application security vulnerabilities across web, API, and cloud environments.
• Integrate and maintain security controls within CI/CD pipelines using techniques such as SAST, DAST, SCA, and container scanning.
• Collaborate closely with development and operations teams to enforce secure coding practices, essentially promoting a “shift-left” security model.
• Conduct secure code reviews, threat modeling, and perform application risk assessments.
• Develop automation and scripts that enforce security checks within pipelines, thereby streamlining security processes.
• Continuously monitor, triage, and remediate findings from application security tools, ensuring a proactive stance towards vulnerabilities.
• Stay up-to-date with industry trends and frameworks like OWASP, MITRE ATT&CK, and NIST, enhancing your expertise and ensuring your security measures remain relevant.
• Actively contribute to security guidelines, standards, and training for developers, elevating the comprehensive knowledge about security across the organization.

Required Skills

For this position, candidates must possess:

• A Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent experience.
• Proven experience in DevSecOps, Application Security, or Secure Software Development, with at least 3 years of hands-on involvement.
• Proficiency in programming languages, such as PHP, JavaScript, Python, or Java.
• Experience using CI/CD tools like GitHub Actions, GitLab CI/CD, Jenkins, and CircleCI.
• Practical experience with various security tools including SAST, DAST, SCA, and IAST.
• An understanding of cloud security practices and familiarity with container security practices, specifically using Docker and Kubernetes.
• Strong knowledge of the OWASP Top 10, secure coding principles, and common attack vectors.
• The ability to effectively communicate security requirements to developers and other stakeholders.

Bonus Skills

While not mandatory, the following skills would be advantageous:

• Experience with performing penetration testing or conducting code-level security assessments.
• Relevant certifications such as eJPT, OSWE, OSCP, CSSLP, or GIAC GWAPT/GPCS that validate your skills and knowledge.
• Practical experience implementing Infrastructure as Code practices through tools like Terraform or CloudFormation to enhance security processes.
• An understanding of the Zero Trust security model and its principles.

Salary Information

While specific salary information isn't mentioned within the job description, typical compensation for a Sr. DevSecOps Engineer can vary widely based on skills, experience, and location. However, professionals in this field can expect a competitive salary, often reflecting the high level of expertise and demand within the marketplace.

Work Environment and Culture

As a full-time employee in a tech-centric organization like NTD Software, you'll be part of a collaborative and innovative environment. The role is designed for dynamic interactions with multiple teams, reflecting a culture that values security by design. The overall goal is to empower teams to address security concerns naturally throughout the software development process, ultimately leading to faster, more secure software delivery.

Location and Flexibility

The position is based in Mexico and may present options for remote work or flexible hours, depending on the company’s policies at the time. NTD Software fosters an engaging work environment that aligns with modern work arrangements to attract a talent pool from a broader geographic area.

Conclusion

The Sr. DevSecOps Engineer role at NTD Software offers an exciting opportunity for experienced professionals to enhance application security through DevSecOps practices. With a clear set of responsibilities and required skills, candidates are encouraged to apply if they meet the qualifications outlined above. This role is set to make a substantial impact on the organization, contributing significantly to security awareness and robust software development practices.

This job offer was originally published on himalayas.app