إرفاق
وصف الوظيفة
JOB PURPOSE:
To integrate security practices into the DevOps process, ensuring security software development and deployment. This role involves leading a team to implement automated security controls, manage vulnerabilities and ensure continuous security throughout the software development lifecycle.
Key Accountabilities:
• Implement security best practices and standards into the DevOps pipeline.
• Develop and maintain automated security testing and scanning procedures.
• Collaborate with development and operations teams to embed security early in the development lifecycle.
• Conduct regular security reviews and threat modeling sessions.
• Monitor and enforce compliance with security policies throughout the DevOps pipeline.
• Provide guidance and training to DevOps teams on secure coding practices.
• Stay updated on emerging DevOps security trends and integrate relevant practices.
• Create a productive channel of communication and cooperation between the engineers and other key stakeholder
• Assess how user needs and software requirements can be met in line with cybersecurity policies and determine feasibility of design within time and cost constraints.
• Apply coding and testing security standards.
• Assess the effectiveness of systems' cybersecurity measures during DevOps.
• Integrate cybersecurity into the requirements process by defining and capturing security controls of DevOps.
• Identify applications threat models
• Develop and direct procedures and documentation for system testing and validation in DevOps.
• Develop SecDevOps standards, policies and procedures.
• Develop secure code and error handling processes and documentation for DevOps.
• Apply methodologies to correct common coding errors with security implications to ensure development of secure software in DevOps.
• Ensure that cybersecurity is incorporated into system design.
• Address security implications in the software acceptance phase.
• Support security certification test and evaluation activities for DevOps.
• Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling and defining any specific security criteria.
• Identify cybersecurity capability strategies for custom hardware and software development based on organization's requirements.
• Ensure penetration testing is carried out when required for new or updated applications.
• Develop cybersecurity designs to meet operational needs and environmental factors.
• Develop, specify, and evaluate architecture designs for infrastructure and DevOps.
المؤهلات والخبرات والمهارات
Minimum Qualifications:
• Bachelor’s / Master’s Degree in Cybersecurity, Computer Science, or related field
Minimum Experience:
• 5 - 8 years of experience in the field of cybersecurity
Job-Specific Skills:
• Ability to understand the cybersecurity roles & responsibilities
• Ability to Manage GRC Automation and Technical Compliance.
• Ability to deal with pressure, resource management and team leading
• Ability to understand the requirement and deliver the related job responsibilities on time
• Significant analytical and critical thinking skills
• Ability to build and maintain collaborative working relationships with Information Technology and Business personnel to design and assist in the execution of appropriate controls design and monitoring
• Excellent verbal and written communication skills enabling candidate to prepare and present recommendations to senior management