Jr. DevSecOps Engineer

Role:  DevSecOps Engineer

Location: Bangalore

Working Hours: 12-9PM

Working Model: Hybrid 

 

Intro:

As a DevSecOps engineer, you will provide technical leadership in the DevSecOps areas of  Vulnerability Scanning, Certificate Management, Password Policy Management, Infrastructure As code for Cloud Resource Provisioning, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.

 

Some of the things you will be doing:

• Familiarity with DevSecOps ecosystem: Terraform, Ansible, GitHub, Jenkins, Azure DevOps, SAST, DAST & SCA
• Terraform, Ansible and AWS, Azure Architecture, Network and Security Certifications.
• Familiarity with API Security, Container Security, AWS and Azure Cloud Security
• Knowledge of Cloud Resource Provisioning, Cloud Network and Architecture, Cloud Standards and Policies.
• Experience with AWS and Azure Policy, Configuration, and Security Management tools.
• Experience with security automation, Cloud resource provisioning.
• Expertise in programming and scripting languages like Python, NodeJS, SQL query, bash, powershell, and Java.
• Experience with Vulnerable Code remediation.  
• Experience with Vulnerability Management and executive reporting using PowerBI.

 What technical skills, experience, and qualifications do you need?

• Prior experience (3-5 years) in a Production Engineering or related position.
• Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
• Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (SAST, DAST, IAST etc).
• Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
• Capability to prepare security vulnerability and risk management reports for management.
• Leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes.
• Experience generating and providing executive reports for vulnerability management across DevSecOps Security Products.
• Proficiency in Java Programming, Bash, Powershell, Python, Terraform or other scripting languages.
• Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).
• Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
• Experience configuring, implementing, and leveraging computer security and networking diagnostic/monitoring tools.
• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
• Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
• Support code reviews across all code platforms 
• Manage security integration into the SDLC process at CSC 
• Help evolve CSC’s application security functions and services 
• Responsible for Security bug intake and remediation process for CSC 
• Responsible for leading the remediation of application vulnerability scanning and penetration testing 
• Manage integration with Static Application Security Testing (SAST) Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Infrastructure as a Code (IaC) scanning, Secret Scanning, and Container Image scanning.
• Identify security exposures and develop mitigation plans 
•  Identify, report and fix technical debt. 
• Assist Manager of Application Security on all application security activities 
• Become a representative for the CSC Information Security program 
• Be productive and participate in security initiatives with minimal supervision. 
• Becomes a subject matter expert for security solutions within the CSC platform, knowledge of SANS 25 and Owasp  Top 10.
• Be able to act as a mentor for junior dev, devops and security engineers 
•  Use the tools and technologies used throughout CSC InfoSec. 
• Own and document medium/large epics and follow through until completion.
•  Present security solutions to a larger CSC audience. 
• Troubleshoot issues and performance bottlenecks. 
•  Follow Security best practices. 
• Collaborate with cross functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks.
•  Participate in requirement gathering with Product/SRE/InfraServices. 
•  Collaborate with cross Business Unit teams (CLS, DBS, Corp Tax, TBS) on implementing standardized security solutions and integrations. 
•  Participate in inner sourcing/procurement initiatives within CSC. 

 What technical skills, experience, and qualifications do you need?

• Strong experience with BI Design and Development for Vuln. Mgmt 
• BE/BTech Degree
• Strong experience in distributed platform development and design 
• Strong foundation in core information security principles and goals. 
• Proven expertise in enterprise security solutions. 
• Knowledge on common and emerging security threats. 
•  In-depth knowledge of security best practices. 
• Ability to assist in leading the InfoSec team 
• Exceptional analytical aptitude and attention to detail.
•  Ability to lead and project drive multiple security initiatives.
• Excellent communication skills.
• Ability to explain complex security topics in simple language 
• Ability to work with Senior Leadership.
• Fast learner / A strong willingness to learn. 
• Good team player who is self-motivated and well organized. 

CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.®

Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other.

CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued.

CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. 

We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging,

CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC.

We encourage candidates to apply directly to our website and not through third-party sources.

Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications.