We are looking for a skilled and driven DevSecOps Consultant to help drive secure software development practices across our cloud-based environments.
In this role, you will play a crucial part in embedding security into every stage of the software development lifecycle (SDLC), from infrastructure as code (IaC) to secure application deployment. You'll be responsible for performing dynamic analysis, reviewing code, carrying out ethical hacking and penetration testing, and ensuring that security is integrated into the DevOps pipeline in a seamless, automated, and efficient manner.
This is an exciting opportunity to work on complex projects involving cloud infrastructure, microservices development, and secure coding practices, with a focus on ensuring security at every stage of the development process.
Key Responsibilities:
- Integrate security into the DevOps pipeline by embedding security practices into the development, build, and deployment processes.
- Perform dynamic application security testing (DAST) of applications and websites to identify vulnerabilities in live environments.
- Conduct code reviews in the context of the DevSecOps cycle, ensuring that security is integrated into the development lifecycle from the start.
- Collaborate with development teams to implement security testing and ethical hacking methodologies to identify and mitigate risks.
- Provide expertise on cloud infrastructure, working closely with development and operations teams to design, implement, and manage secure cloud environments.
- Understand how microservices are developed and deployed, ensuring that each microservice follows security best practices.
- Use security tools and frameworks to identify, assess, and fix security vulnerabilities in both infrastructure and applications.
- Build infrastructure as code (IaC) using tools like Terraform, CloudFormation, or similar, to automate the creation of secure cloud environments.
- Maintain a strong understanding of cloud security (e.g., AWS, Azure, Google Cloud) and apply industry best practices to ensure the security of the cloud-based infrastructure.
- Develop and implement automated security testing and vulnerability scanning processes within the CI/CD pipeline.
- Work with development teams to improve the security posture of applications throughout their lifecycle, from coding and testing to deployment and maintenance.
- Continuously evaluate and improve the organization's security tools, processes, and infrastructure, staying up-to-date with emerging threats and new security technologies.
- Ensure that security and compliance requirements are adhered to, in line with industry regulations and standards (such as GDPR, PCI DSS, and others).
- Provide recommendations for security improvements and work with cross-functional teams to implement changes.
Key Skills & Qualifications:
- Proven experience as a DevSecOps consultant or engineer, with a focus on security automation, cloud infrastructure, and continuous integration/continuous deployment (CI/CD).
- Expertise in dynamic application security testing (DAST) and identifying vulnerabilities in live applications and websites.
- Strong background in code review and implementing secure coding practices throughout the SDLC.
- Experience in ethical hacking and performing penetration testing on applications, infrastructure, and microservices.
- Hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud, with a deep understanding of cloud security best practices.
- Strong knowledge of microservices architecture and the security considerations associated with microservices development and deployment.
- Proficiency in infrastructure as code (IaC) tools like Terraform, Ansible, or CloudFormation for creating and managing secure cloud environments.
- Familiarity with CI/CD pipelines and integrating security scanning and testing tools into the pipeline.
- Understanding of containerization (Docker, Kubernetes) and securing containerized environments.
- Strong experience in scripting and automation (Python, Bash, or similar).
- Excellent problem-solving skills, with the ability to work through complex security challenges in cloud environments.
- Strong communication skills, capable of articulating security risks and best practices to technical and non-technical stakeholders.
- Ability to collaborate effectively with cross-functional teams (DevOps, development, security, and operations).
- Industry certifications such as CISSP, AWS Certified Solutions Architect, Certified Ethical Hacker (CEH), or CompTIA Security+ are highly desirable.
Preferred Qualifications:
- Banking or Financial Services industry experience is preferred, though experience in other regulated industries (e.g., healthcare, insurance) will also be considered.
- Experience with security frameworks and compliance standards such as PCI DSS, NIST, and ISO 27001.
- Experience with serverless architectures and securing serverless functions (e.g., AWS Lambda).
- Familiarity with cloud-native security, logging, and monitoring services (e.g., AWS CloudTrail, GuardDuty, and CloudWatch).
There is an opportunity for this role to be done remotely, but hybrid or onsite working is preferred.
If the above matches your skillset, please apply; if you are successful, we will be in touch.