DevSecOps Engineer

Summary

Join our pioneering team at TROOP as we shape the future of meeting planning and travel management! As a DevSecOps Engineer, you'll be a critical link between technical teams, clients, and stakeholders, driving security best practices within the development lifecycle and ensuring compliance with industry and regulatory standards.

Responsibilities

• Engage with clients to understand their security requirements, compliance needs, and privacy expectations
• Act as a trusted advisor to clients on DevSecOps best practices, security architecture, and compliance strategies
• Facilitate security and compliance discussions with internal teams, clients, and stakeholders to ensure alignment with security goals and objectives
• Lead the implementation and management of compliance frameworks
• Develop and maintain Policy-as-Code to enforce compliance policies within the CI/CD pipeline, ensuring security controls are applied consistently across environments
• Conduct regular compliance audits, vulnerability assessments, and risk analyses to identify and mitigate potential compliance issues
• Establish, document, and maintain security policies, including a Written Information Security Program (WISP)
• Manage bug bounty programs, serving as the primary point of contact for vulnerability submissions and ethical hacker interactions
• Triage and prioritize reported vulnerabilities, coordinating with development and security teams for swift remediation
• Implement feedback loops to integrate insights from bug bounty reports into our security practices, minimizing recurring vulnerabilities
• Implement and maintain data protection practices in line with GDPR and other privacy regulations, focusing on areas such as data encryption, access control, and data minimization
• Automate processes to handle data subject rights requests, such as data erasure and portability, in compliance with GDPR requirements
• Conduct Privacy Impact Assessments (PIAs) and ensure privacy-by-design principles are integrated into the development lifecycle
• Develop and implement automated security testing within CI/CD pipelines, including static analysis, dynamic analysis, and dependency scanning
• Integrate security tools to automate vulnerability detection, access control, configuration management, and compliance monitoring
• Continuously improve security policies, processes, and tools, adapting to new threats and changing regulatory requirements
• Collaborate with legal and compliance teams to interpret new regulations and understand their impact on the business and product development
• Maintain up-to-date knowledge of relevant legal and regulatory requirements and proactively drive necessary changes in DevSecOps practices
• Serve as a security and compliance resource for legal inquiries, audits, and regulatory reporting