DevSecOps Manager
12 month contract
Hybrid
Rates DOE
The DevSecOps Manager is responsible for managing and supporting business teams in remediating application vulnerabilities (AppSec) in a context where Cybersecurity is named as a mandatory component of the information system.
Role
- Contribute to the design of the application architecture
- Onboard and engage product teams on security testing
- Support clients to integrate security from the start into their projects
- Design and delivery of awareness / training sessions dedicated to cybersecurity topics
- Train and raise awareness among development teams and end users about security best practices (Cyber by Design)
- Identify, assess and remediate application vulnerabilities
- Support for remediating vulnerabilities and helping with capitalization at the company level
- Contribute to the continuous improvement of the DevSecOps offer and implementation of new DevSecOps activities
- Support and collaborate with product teams to define good development practices, review user stories, and carry out the risk analysis of the product
- Empower product teams to trigger security audits with the tools and associated procedures available to them (SAST, DAST, SCA, repository scan, etc.) and evaluate the impact of remediation actions on the product
- Track progress status on previous security action plan and priorities
- Deployment, functional configuration, fine tuning of tools, automation, centralization of results
- Definition of cybersecurity indicators (prerequisite: fine tuning)
- Drive significant improvement of those indicators to demonstrate the value of the approach from a security perspective
Skills / Experience
In-depth knowledge of DevSecOps principles and practices, and how they apply in a customer-facing context:
- Knowledge of JavaScript, Java, Python, .NET, Shell and Go languages, and of the following IDEs: VSCode, JetBrains, Android Studio, IntelliJ IDEA
- Knowledge of "Infrastructure as Code (IaC)" technologies: Terraform
- Application security (OWASP Top 10, secrets management, MITRE ATT&CK, etc.)
- Cloud (GCP, Azure, OCI) and DevOps culture (CI / CD, containerization, etc.)
- Proficient in DevSecOps tools like Kubernetes, Dockerfile, Ansible, Helm, GitHub, etc., for continuous integration and delivery.
- Previous experience and expertise with AppSec solutions (preferably Checkmarx and Qualys) would be valuable.
- Ability to work closely with development, operations and security teams
- Ability to analyze complex security issues and find effective solutions
- Understanding of different technological environments and platforms
28 days ago