Senior Azure DevSecOps Engineer

Truelogic is a leading provider of nearshore staff augmentation services, located in New York. Our team of 500 tech talents is driving digital disruption from Latin America to the top projects in U.S. companies. Truelogic has been helping companies of all sizes to achieve their digital transformation goals.

Would you like to make innovation happen? Have you ever dreamed of building Products that impact millions of users? Nice! Then we have a seat for you on our team!

What are you going to do?

You will have the opportunity to work in a forward-thinking and growth-oriented environment

Occupy a unique position in the market, you will play a pivotal role in ensuring the security of our software development lifecycle (SDLC). You'll collaborate closely with development, operations, and security teams to integrate security practices into our CI/CD pipelines, fostering a culture of security awareness and responsibility.

• Security Integration:
  ○ Work collaboratively with development teams to embed security practices into the
  SDLC.
  ○ Implement security controls and best practices throughout the development
  process.
  ○ Review code for security vulnerabilities and provide recommendations for
  remediation.
• CI/CD Pipeline Security:
  ○ Integrate security tools and processes into our CI/CD pipelines.
  ○ Automate security testing and vulnerability scanning.
  ○ Ensure that security checks are performed at various stages of the development
  process.
• Threat Modeling:
  ○ Conduct threat modeling exercises to identify potential vulnerabilities and risks.
  ○ Develop mitigation strategies to address identified threats.
• Security Awareness:
  ○ Promote a security-conscious culture within the organization.
  ○ Educate development teams on security best practices and emerging threats.
• Security Tooling:
  ○ Evaluate, select, and implement security tools and technologies.
  ○ Maintain and update security tools to ensure they are up-to-date and effective.
• Incident Response:
  ○ Assist in incident response efforts when security breaches occur.
  ○ Contribute to post-incident analysis and remediation activities.

What will help you succeed

• Strong understanding of software development methodologies and best practices.
• Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD,
  CircleCI).
• Knowledge of security concepts, threats, and vulnerabilities.
• Familiarity with security tools and frameworks (e.g., OWASP ZAP, Nessus, Burp Suite).
• Experience with scripting languages (e.g., Python, Bash).
• Ability to work collaboratively in a cross-functional team environment.
• Strong problem-solving and analytical skills.