Seargin

Seargin is looking for a Senior DevSecOps Consultant

• Position: Senior DevSecOps Consultant
• Technologies: DevOps, Security, Cloud
• Location: Warsaw/Wroclaw/Poznan/Katowice or remote
• Country: Poland
• Area: Project
• Form of employment: Permanent/B2B
• Experience level: Senior

The main tasks for the Senior DevSecOps Consultant will be:

• Executing security architecture reviews of applications in design and production phases
• Finding security recommendations, potential threats, and attacks to applications systems through threat modeling and vulnerability assessment
• Providing assessments of applications and platforms (web, cloud, mobile) using a range of manual and automated source code review techniques
• Preparing integration of application security tools and processes in automated pipelines
• Cooperating with clients to analyze, assess, and enhance the effectiveness of their application/platform/product security posture at procedural and technological levels from design to deployment
• Using knowledge of current application security best practices and industry trends to lead the deployment of application security solutions for our clients and provide support to the clients in their desire to protect their business
• Taking part in market-facing actions. Using current technology and tools to improve the effectiveness of deliverables and services. Playing an active role in counseling and mentoring junior Cybersecurity team members
• Maintaining long-term client relationships and networks. Cultivating business development opportunities
• Resolving and reviewing resolution of security vulnerabilities as needed
• Improving secure coding practices, application security requirements, automation, training, and metrics
• Maintaining an active understanding of industry practices for secure software development
• Working with application development teams to refactor or create security solutions
• Controlling & Logging and Site Reliability

The Candidate should have:

• Understanding of or background in Agile Development Environment
• Good presentation skills
• Proven capability to work as DevSecOps on projects
• Professional background in:
  • Executing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools
  • Executing security architecture/threat modeling reviews on a wide range of applications and determining the appropriate security controls. Ability to demonstrate experience by describing the types of applications that have been reviewed, the methodology followed as part of the review, the security controls evaluated as part of the review, sample findings that have been discovered, and sample remediation guidance that has been provided
  • Assessing application security programs for clients and developing key elements of the program as part of the improvement process and developing internal vulnerability evaluation and management processes
  • Assessing DevSecOps programs to determine how to embed security activities and working with clients to evolve their development programs to embed application security tooling and processes.
• Capability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed
• At least 3 years of professional background in Agile development, application security, or DevOps role, with experience in the following technologies:
  • Continuous integration (Jenkins, Bamboo, Hudson, etc.)
  • Containers (Docker, Kubernetes, etc.)
  • QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)
  • Infrastructure as a code (Vagrant, Docker, Ansible, Chef, Terraform, etc.)
  • Integration of Security testing tools into the pipeline
  • Developing enterprise applications or scripts for security testing (security as code)
  • Source code management (GitLab, GitHub, BitBucket, etc.)
  • Defect tracking (Jira, Bugzilla, ServiceNow, etc.)
  • Cloud environment (AWS, Azure, GCP) and different Unix-like distributions
• Knowledge of:
  • Methodologies and Standards like OWASP, NIST, OSSTMM, PTES, ISAAF
  • Networking, infrastructure, and applications from a DevOps perspective with a concentration on security
  • Security monitoring, prevention, and control systems including anti-virus, web proxies, and security software
• Certifications relevant to the role
• Extensive experience with IDS/IPS/DLP/SIEM/NBAD tools and construction of customized signatures for complex microservices
• Background in programming or scripting languages
• Expertise in security control techniques and a deep understanding of how they can be applied in a traditional IT environment as well as cloud-based systems
• Familiarity with security considerations around RESTful APIs
• Team-oriented, detail-oriented, efficient, and solution-oriented attitude
• Superb analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Flexibility and ability to work independently and in a team
• Great English skills (written and spoken)

It would be a plus if the Candidate had:

• Educational background with Diploma or Degree in Computer Science, Software Engineering or related discipline with at least 3 years of general experience
• Good technical knowledge of:
  • Microservice oriented solutions
  • APIs
  • Azure AD
  • Common Cloud authentication patterns
• Certificate in Cloud/DevOps (MS Azure/AWS/GCP)

The Candidate can expect:

• Permanent/B2B Contract
• Challenging job in an international and multilingual environment
• Professional development
• Attractive and competitive compensation