DevSecOps Engineer

Summary

Join Centric Software as a DevSecOps Engineer and collaborate with infrastructure, software engineers, and the QA team to ensure all cloud components adhere to security standards. You will integrate security testing throughout project stages, automate testing within development pipelines, and perform threat assessments. Responsibilities include Landing Zone delivery, collaboration with cross-functional teams, enforcing security standards, and contributing to incident response. The ideal candidate possesses proven experience in security engineering or DevSecOps, a strong understanding of security principles, and proficiency in security testing tools. Remote work is offered.

Requirements

• Proven hands-on experience in security engineering or DevSecOps roles
• Strong understanding of security principles, practices, and technologies
• Proficiency in security testing tools and methodologies
• Excellent problem-solving and analytical skills
• Strong communication and collaboration skills
• Ability to work effectively in cross-functional teams

Responsibilities

• Be a driving force in the delivery of the Landing Zones and supporting ecosystem of tooling (CICD Pipelines etc) to secure core Cloud Services. This will initially be on AWS, with Azure & GCP to follow
• Work closely with infrastructure and software engineers, as well as the QA team, to ensure that security measures are an integral part of the development process
• Enforce prescribed security standards outlined in the security architecture throughout the development lifecycle
• Seamlessly integrate security testing at all project stages, including code reviews, CI/CD pipelines, and production environments
• Strive to maximize the incorporation of automated security testing within the development pipelines to identify vulnerabilities early and continuously monitor for threats
• Perform threat assessments and vulnerability scans to identify potential security risks and provide recommendations for mitigation
• Contribute to the development of incident response planning and participate in security incident investigations and resolution (automated where possible)
• Provide security education and guidance to development teams to promote a culture of security awareness and best practices
• Maintain comprehensive security documentation, including security policies, procedures, and guidelines
• Ensure that security measures align with regulatory requirements and industry standards
• Identify opportunities for infrastructure optimization, cost reduction, and performance improvement

Preferred Qualifications

• Relevant industry certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), etc.)
• Experience with DevOps and CI/CD pipelines
• Knowledge of cloud security best practices

Benefits

Remote work