Role: DevSecOps Consultant
Experience: 4+ years
Location: Pune/Mumbai
Requirements:
· Min 2 years of experience in security engineering, code pipeline engineering, or a similar role
· Good understanding of SDLC, DevSecOps, Agile, etc.
· Experience with DevSecOps tools/platforms, i.e. GitLab, SonarQube, Black Duck, LINT, Jenkins, etc.
· Good understanding of various security tools and technologies, such as firewalls, intrusion detection/prevention systems, encryption, authentication, etc., will be an added advantage.
· Familiar with various programming languages, such as YAML, Python, Java, etc.
· Strong analytical, problem-solving, and communication skills
Responsibilities:
· Be a point of contact and ensure continuous collaboration between the client and the client's AppDev teams.
· Review (if any) or define Best Practice Guidelines for AppDev.
· Review the current Code Pipeline Security configurations.
· Prepare Code Pipeline Security Configuration Policy using GitLab.
· Enforcement of Policies.
· Establish a decision-making process to identify vulnerabilities, analyse them, and decide on actions, i.e., Block, Allow, Exception approvals.
· Prepare a comprehensive plan for implementing GitLab Ultimate security features into the existing and upcoming App pipelines.
· Define a governance process throughout the DevSecOps lifecycle, including security gates, quality checks and RACI.
· Facilitate enabling of code pipeline security policy via configurations.
· Keep a close eye on security notifications/alerts and the Security Dashboard in GitLab.
· Update the vulnerability management process to cover SLAs for managing software vulnerabilities.
· Establish an incident response plan to effectively handle security breaches and minimize the impacts.
· Provide continuous training to AppDev teams on code pipeline security policies, procedures, technological know-how, etc.
· Continuously improve the application LLDs, user manuals, and any other documentation that relates to the applications.
· Work closely with the tool provider, i.e., GitLab, to bring in value in the form of support, improvements, enhancements, and best practices.