Remote DevSecOps

Summary

Join our team and accelerate your career with HireVision. We're recruiting for a Cybersecurity Team member to work on exciting projects for international clients, focusing on cybersecurity and cloud security.

Requirements

• Knowledge of the cybersecurity field or willingness to deepen knowledge in this area, backed by at least a few years' experience working in IT or as a DevOps specialist
• Experience with one of the three leading clouds - Azure, GCP, or AWS
• Practical knowledge of CI/CD processes and familiarity with CI/CD tools such as Azure DevOps, Jenkins, GitHub, etc
• Security-related issues concerning web applications (OWASP TOP 10, etc.) and best practices for secure coding, along with knowledge of popular attack methods (XSS, CSRF, SQL injection, etc.) and frameworks like MITRE
• Practical experience working with models: on-prem, IaaS, PaaS, SaaS
• Experience with containerization (Docker) and infrastructure platforms based on containerization: Kubernetes, OpenShift, Anthos, etc
• SAST, DAST, SCA issues and their practical implementation within CI/CD processes, along with authentication, authorization, or session management (SAML, OAuth, SSO, etc.)
• Knowledge of the SSDLC process and its components, as well as Rest API technology and API Gateway concepts

Responsibilities

• Implementing security principles from the start of SDLC, supporting innovation and development
• Migrating and transforming, integrating security in new technological layers and cloud public environments
• Automating security-related tasks within DevOps processes using tools like Ansible, Azure DevOps, Jenkins, and GitLab
• Conducting security assessments of hybrid solutions from the scope of public cloud security (Azure, GCP, AWS)
• Securing public cloud environments and microservice-based environments (AKS, GKE, EKS, Red Hat Openshift)
• Analyzing API, application, or IaC code security, enriching DevOps environments with solid security elements
• Designing, developing a CI/CD environment through integrating security tools (SonarQube, DefectDojo, Fortify, Checkmarx, Veracode, Checkov, Semgrep, Nessus, Aqua Security)

Benefits

• Private medical care, life insurance, and employee benefits program
• Access to the MyBenefit platform (possibility of using a wide range of products and services, including Multisport cards)
• Individual career counseling support and a defined career development path, as well as coaching sessions
• A wide range of training packages (offer of soft and technical trainings, access to an e-learning platform, possibility of financing courses and certifications)
• Participation in implementing projects on a global scale for the largest international companies from Fortune 500 using the latest technological solutions
• Employee Assistance Program - free support in one-time legal, financial, and psychological consultations
• Paid employee referral program