DevSecOps - CI/CD
Deloitte
Job Description
Required:
· Minimum of 5-7 years’ experience in application security development, security testing, deployment and security
management phases;
· Deep interest in application specific vulnerabilities, code development and infrastructure knowledge;
· Investigative and analytical problem-solving skills;
· Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.)
· Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles;
· Hands-on experience in performing code review of dot Net, Java and Swift and objective C code;
· Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise
· Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk;
· Hands-on experience on at least one CI/CD tool set and building pipelines using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps;
· Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS.
· Knowledge of cloud environments and deployment solutions such as server less computing;
· Hands on experience in penetration testing of mobile, desktop and web applications;
· Must have experience in writing custom exploitation scripts and utilities;
· Possession of excellent oral and written communication skill;
· Knowledge of one or more scripting languages for automation and complex searches;
· Must have cloud security specialization in Security; and
· Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred.