DevSecOps
București, București, RO
Cognyte
Cognyte is a global leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a Safer World™.
Description
Today’s world is crime-riddled. Criminals are everywhere, invisible, virtual and sophisticated. Traditional ways to prevent and investigate crime and terror are no longer enough…
Technology is changing incredibly fast. The criminals know it, and they are taking advantage. We know it too.
For nearly 30 years, the incredible minds at Cognyte around the world have worked closely together and put their expertise to work, to keep up with constantly evolving technological and criminal trends, and help make the world a safer place with leading investigative analytics software solutions.
We are defined by our dedication to doing good and this translates to business success, meaningful work friendships, a can-do attitude, and deep curiosity.
So, if you rock at DevSecOps and being a technical expert, and want in on the action, let’s talk!
Role Overview:
This role focuses on integrating security best practices into CI/CD pipelines and production system deployments, ensuring security is embedded throughout the software development lifecycle. As a DevSecOps Engineer, you will work closely with architecture, development, and operations teams to make security a shared responsibility across all stages of software development and deployment.
Your primary responsibility will be implementing security best practices, testing, and automation tools into CI/CD pipelines and production environments using industry-standard tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security mechanisms.
Key Responsibilities:
· Security Integration into DevOps: Collaborate with development and operations teams to integrate security practices into every stage of the software development lifecycle, from code creation to deployment.
· CI/CD Pipeline Security: Configure, implement, and manage security tools and automation in CI/CD pipelines to detect vulnerabilities early in the development process.
· Security Testing: Use SAST and DAST tools to automate security testing for code and applications. Continuously monitor security scans, report findings, and recommend remediation strategies.
· Automation & Process Improvement: Continuously enhance and automate security processes to deliver secure software efficiently while minimizing manual intervention.
Requirements
Experience Required:
- 4+ years of experience in DevSecOps or a similar role focused on integrating security into CI/CD processes.
- Proven experience implementing and configuring security tools such as SAST, DAST, and other automation tools.
- Strong familiarity with commonly used security tools in DevSecOps implementations.
- Hands-on experience with CI/CD tools and languages (e.g., Jenkins, Groovy, Git, Python, Bash) for pipeline automation.
- Proficiency in cloud-native deployments and management (e.g., Helm, Kustomize), Kubernetes objects, and cluster debugging.
- Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible.
- Knowledge of CIS benchmark recommendations and system hardening practices.
Technical Skills:
- Proficiency in programming/scripting languages (e.g., Python, Bash, Groovy, Ansible, Helm) for automation.
- In-depth knowledge of security vulnerabilities (e.g., OWASP Top 10) and mitigation best practices.
- Experience with vulnerability scanning and static and dynamic application security testing tools (e.g., SonarQube, Checkmarx, OWASP ZAP, Coverity, Lint).
- Familiarity with on-premises cloud platforms (e.g., OpenShift, Tanzu) and public cloud platforms (AWS, Azure, GCP) and their security configurations.
Soft Skills:
- Strong communication skills to effectively collaborate with cross-functional teams.
- A problem-solving mindset with the ability to quickly troubleshoot and resolve security issues.
- A proactive and collaborative approach to fostering a security-first mindset across the organization.
Preferred Qualifications:
- Certifications in security or DevOps tools (e.g., Certified Kubernetes Administrator (CKA), Certified DevSecOps Professional, AWS Certified Security Specialty).
- Experience in threat modeling and risk assessment for secure software development.
- Familiarity with containerization and container security (e.g., Docker, Kubernetes).
Tags: Analytics Ansible Application security Automation AWS Azure Bash Checkmarx CI/CD Cloud DAST DevOps DevSecOps Docker GCP Helm Jenkins Kubernetes OWASP Python Risk assessment SAST Scripting SDLC SonarQube Terraform Vulnerabilities