DevOps DevSecOps Architect

Join DevSecOps Architect TalentCloud

If you possess mastery in any of the roles or skills below, you can apply to this TalentCloud. Once you become an approved Experfy TalentCloud member, you will get exclusive access to jobs and project opportunities from our clients.

Cloud Description

DevSecOps architects help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes, and tools. This TalentCloud is seeking experts who can build automation/infrastructure as code to enforce cloud infrastructure security. 

  • Experts should be able to automate security processes into CI/CD pipeline
  • Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation
  • Build and maintain DevSecOps pipelines to adopt a shift-left paradigm for security testing (SAST, DAST, IAST, RASP, etc.)
  • Develop and promote best practices for DevSecOps and secure CI/CD
  • Help integrate security into Agile/DevOps strategy and practices by using DevSecOps principles, processes, and tools
  • Build automation/infrastructure as code to enforce cloud infrastructure security. You will automate security processes into CI/CD pipeline
  • Stay up-to-date on new security tools & techniques, and act as a driver of innovation and process maturity
  • Conduct research and evaluate new DevSecOps platforms, components, tools, and processes for new projects and ongoing initiatives
  • Collect security-related metrics and increase security visibility across the organization
  • Deploy and manage security tools to cloud infrastructure platforms such as Google Cloud or AWS, through automation using infrastructure-as-code principles
  • Work with teams to bring continuous improvement to DevSecOps processes and tools
  • Building DevSecOps reference architectures, owning the technical engagement, and ultimate success around specific DevSecOps implementation projects
  • Leverage Security Solution Architecture standards and frameworks to provide security guidance to the business partners and project teams from a specific business segment with goals of maturing and improving the overall security posture of the segment and cultivating a segment-wide culture of security–awareness
  • Help manage and reduce security risks by developing global security controls to integrate into our DevOps pipelines
  • Responsible for establishing current and long-term direction aiming at driving to the forefront of change to a DevSecOps culture
  • Will also elaborate global policies and standards, provide security guidance on infrastructure designs and conduct risk assessments
  • Lead, define and map digital architecture processes for designing large scale DevSecOps pipelines
  • Coordinate DevOps security in order to assist IT teams in delivering secure infrastructure solutions with his/her security recommendations and requirements
  • Ensure prevention and good management of technical, legal, and human security-related risks by elaborating and proposing improvements to security policies, guidelines, and standards with a global mindset
  • Perform and participate in technical vulnerability assessments of systems currently in place in addition to security evaluations
  • Create and maintain standards and documentation related to security processes, procedures, and infrastructure
  • Participate in implementation or deployment of new tools, processes, and best practices in order to improve knowledge sharing and to raise security level while promoting security awareness
  • Communicate with efficiency while delivering security needs and validating that appropriate security measures are in place
  • Provide strategic direction and subject matter expertise for wide adoption of DevSecOps automation
  • Build and maintain DevSecOps pipelines to adopt a shift-left paradigm for security testing (SAST, DAST, IAST, RASP etc.)

Required Skills

  • Experience as a full-stack developer, with hands-on experience in DevSecOps practices
  • Experience with CI/CD tools such as GitLab, Jenkins, Nexus, Artifactory
  • Experience with software security, secure coding, or software assurance tools and techniques
  • Demonstrated skill with at least one or more configuration management/scripting technologies such as Ansible, Chef, Puppet
  • Experience with tools and technologies used throughout secure SDLC (e.g. Fortify, Checkmarx, Veracode, WhiteSource, Blackduck)
  • Proven track record of securely architecting and owning cloud platforms such as (AWS, GCE, Azure) using Infrastructure as code techniques
  • Experience with Linux Containers (Docker), Kubernetes, and deployment of containerized applications/microservices architectures
  • Experience in Information Security, Networking or Security Risk Management
  • Knowledge of Agile & DevOps methodologies
  • Experience with Cloud Security (AWS, GCS, Azure)
  • Stay up-to-date on new security tools & techniques, and act as a driver of innovation and process maturity
  • Conduct research and evaluate new DevSecOps platforms, components, tools, and processes for new projects and ongoing initiatives
  • Collect security-related metrics and increase security visibility across the organization
  • Must have strong analytical skills and deep security subject matter expertise across platforms
  • Exercise critical thinking in identifying external trends in information security threats and correlating to internal activity
  • Hands-on experience in implementing security controls and agile, DevOps & DevSecOps delivery methodologies

Preferred Skills

  • Experience developing software or scripting with Java, Python, etc.
  • Certifications: One or more of the following CISSP, CISM, CRISC, GSEC
  • Experience with ISO 27001-2, NIST 800-53, or other controls standards
  • Solid knowledge of industry standards (ISO27002, PCI Compliance, NIST/DISA)
  • Advanced knowledge of Application Security Architectures and Guidance