We are looking for a seasoned Senior DevSecOps Consultant to lead the integration of security into our client’s development and operations processes. This role is critical in bridging the gap between fast-paced software development and maintaining robust security postures. The candidate will be at the forefront of implementing and fine-tuning DevSecOps strategies in their CI/CD pipelines.
What you’ll do:
DevSecOps Strategy Implementation: Support and implement a comprehensive DevSecOps strategy that aligns with organizational objectives and security standards.
CI/CD Pipeline Security Integration: Integrate security tools and practices within CI/CD pipelines to automate security checks and ensure continuous security compliance.
Security Automation and Orchestration: Design and implement security automation scripts and workflows to enhance the efficiency of the DevSecOps process.
Infrastructure as Code (IaC) Security: Ensure security best practices are embedded in IaC scripts and configurations.
Container and Microservices Security: Implement security measures for containerized applications and microservices architectures.
Collaboration and Training: Work collaboratively with development and operations teams to build a strong DevSecOps culture; provide training and mentorship in security best practices.
Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
Experience: Minimum of 3-5 years of experience in DevSecOps, with a proven track record of implementing security in DevOps environments.
Expertise in automation and orchestration tools (e.g., Jenkins, Ansible, Chef, Puppet).
Proficient in cloud environments (AWS, Azure, GCP) and understanding of cloud-native security principles.
Good knowledge of containerization and orchestration tools (Docker, Kubernetes) and their security configurations.
Experience with infrastructure as code (Terraform, CloudFormation) and ensuring the security of IaC.
Proficient in implementing and configuring security tools such as SAST, DAST, IAST, RASP, and vulnerability scanners.
Familiarity with secure coding practices and application security standards.
Strong understanding of network and application security, threat modeling, risk assessment techniques, and cybersecurity frameworks (e.g., OWASP, NIST).
Knowledge of compliance requirements (e.g., GDPR, HIPAA).
Excellent communication skills.
Strong problem-solving abilities and analytical mindset.
Ability to foster a culture of security awareness and best practices within DevOps teams.
Upgraded förmedlar konsulter främst inom IT. Företaget startades 2010 och finns idag på 5 orter med cirka 20 anställda. Upgraded förmedlar konsulter till företag och organisationer så som Region Skåne, Socialstyrelsen, Energimyndigheten och Lunds Universitet.