Principal Software Engineer – DevSecOps

Boomi

India | NM Years Exp | Posted 271d ago

Job Description

Technical Must-Know Concepts

  • Application Security:

    • In-depth knowledge of secure coding practices, including familiarity with OWASP Top 10 and CWE guidelines.

    • Experience integrating security into the Software Development Life Cycle (SDLC).

  • Threat Modeling:

    • Proficiency in threat modeling methodologies such as STRIDE and DREAD.

    • Ability to identify attack surfaces and develop mitigation strategies.

  • Cloud Security:

    • Expertise in AWS and Azure security best practices, including IAM, KMS, GuardDuty, and Security Center.

    • Understanding of encryption mechanisms for data at rest and in transit.

    • Experience in hardening cloud resources to prevent unauthorized access.

  • Infrastructure and CI/CD Security:

    • Knowledge of securing Infrastructure as Code (IaC) using tools like Terraform and CloudFormation.

    • Experience with secrets management and integrating security scans (SAST, SCA, DAST) into CI/CD pipelines.

  • Vulnerability Management:

    • Proficiency in using tools like Snyk, TruffleHog, and CrowdStrike CSPM for vulnerability assessment.

    • Ability to prioritize vulnerabilities based on risk and impact.

  • Authentication and Authorization Security:

    • Understanding of OAuth 2.0, OpenID Connect, and Single Sign-On (SSO) principles.

    • Experience in implementing secure authentication and authorization mechanisms.

  • Container and Kubernetes Security:

    • Knowledge of container security best practices, including image scanning and hardening.

    • Experience with Kubernetes security features like RBAC and network policies.

  • Cryptography Fundamentals:

    • Familiarity with TLS/SSL protocols, encryption standards, and key management practices.

  • Security Standards and Compliance:

    • Awareness of frameworks such as NIST, ISO 27001, SOC 2, and PCI DSS.

    • Experience in aligning security practices with compliance requirements.

  • DevSecOps Tooling:

    • Proficiency in using CI/CD tools like GitHub, GitLab, and Bitbucket, and integrating security automation into workflows.
