As a DevSecOps Engineer, you will be part of the Governance & Architecture team within the Cloud & DevOps Services department.
You are instrumental in enabling and enhancing our security posture throughout our software delivery lifecycle, allowing streamlined and secure code development and deployment processes. You participate in designing, implementing, and continuously improving our security frameworks. Your proficiency in DevOps and secure application development practices will make you a crucial link between development and operations teams.
Contribute to and enhance a complete stack of solutions for Cloud Security & DevSecOps management from a people, process, and technology standpoint. This includes but is not limited to Secret Detection, SAST, SCA, and container security.
Develop and implement security controls that are aligned with the organization's security policies and procedures throughout our software delivery lifecycle.
Automate the implementation and testing of these controls.
Monitor their effectiveness and make necessary adjustments.
Investigate and resolve security incidents that are related to security controls.
Provide practical guidance to engineering and project teams to support the implementation of security controls, guidelines, and best practices.
Be a driving element and enable greater cooperation between product teams, cybersecurity teams, and compliance functions, helping quantify the risk and define relevant control objectives and activities to secure cloud workloads.
Contribute to the cloud and DevOps security governance (including participating in committees, building dedicated dashboards with associated KPIs, and evangelizing to other teams).
Be autonomous and proactive; able to understand functional and technical requirements, identify gaps, and suggest improvements.
Previous experience in an SSDLC context, with a proven track record in developing and implementing effective security solutions and managing security challenges.
Familiarity with security controls and frameworks. This includes understanding the different types of security controls, such as preventive, detective, and corrective controls, and the various security frameworks, such as the CIS Controls and the NIST Cybersecurity Framework.
Knowledge of the SDLC and how to integrate security controls into the SDLC. This includes understanding the different phases of the SDLC and how to apply security controls at each stage.
Knowledge of security risk assessment frameworks like the OWASP Top 10 (Web Applications, API).
Experience with automation tools (GitLab CI, Jenkins, AWX…) and scripting languages (mainly Python) will be key, both to understanding the context in which the controls must integrate and to automating the implementation and testing of the security controls themselves.
Knowledge of cloud (ideally AWS, Alibaba, and GCP) and Kubernetes security is essential, as these are the foundations of our technology stack.
Strong problem-solving skills. DevSecOps engineers need to be able to identify and solve security problems that arise while implementing security controls.
Effective communication skills. DevSecOps engineers must communicate effectively with developers, security engineers, and other stakeholders to implement security controls.
A passion for continuous learning. The security landscape is constantly evolving, so DevSecOps engineers must be willing to learn new things and keep up with the latest security trends and technologies.
Fluent in English; French is a plus.