DevSecOps

Responsibilities:

• Design cloud development infrastructure.
• Automate deployments in AWS and Azure (and other cloud tools as required).
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying, and proposing fixes to shortcomings in dev lifecycle.
• Review and evaluate development concepts (for existing products and during design phase for new products) to identify gaps in business processes and controls to assist in the design and documentation of the processes.
• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations, and infrastructure, monitoring internal and external policy and regulatory compliance.
• Liaise with internal and external stakeholders to prepare for SOC2 Type I (and future roadmap towards HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement, and maintain all security tools and technology.
• Schedule (and ideally automate) ASV scans and internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

• Minimum education (essential): Engineering degree (Computer, Software or Electronic).
• Minimum education (desirable): CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Practitioner) ITIL Certified.
• Minimum applicable experience (years): Minimum 5 years’ experience in Technology & Software Minimum 3 years’ experience in Cybersecurity

• 3 years in any of: Scala, Go, Java, NodeJS/JavaScript/Typescript/Ruby
• Extensive exposure to CI/CD frameworks: (Jenkins, Code Pipeline + CodeBuild)
• AWS’ ecosystem
• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS.
• Experience deploying auto-scaling and load-balanced Highly Available applications.