JOB DESCRIPTION INFORMATION
Job Title
DevSecOps Engineers/Specialist: Digital Full Stack Developer
Business Unit
Information & Tech. Office Executives - BA3
Rate
Based on experience
Duration
6 months (Start date: 13 March 2023)
Work Location:
Hybrid Alice Lane JHB
More About The Area & Team
CTO, Dev tools and developer experience teams/ Enablement team.
More About The Project
- Problem to solve
- Solution/Deliverable
- Attractive Tech exposure
- Ensure successful implementation and embedment of effective DevSecOps solutions (i.e. SAST, DAST, CWPP, SCA, etc.)
- Assist the Engineering and Development teams to build effective and secured CI/CD pipelines, assisting in the configuration and maintenance of the pipelines - shifting security left
- Ensure that capabilities are deployed through a CI/CD pipelines with security requirements adhered to prior to deployment
- Communicate application security features to the engineering and development teams utilising a triad of people, processes, and technology
- Advise engineering teams to consider patterns in software security development and best practice, provide recommendations on approach and automation related to security
- Ensure compliance with Security and Operational risk standards
- Work with the Cloud team in the engineering of solutions on AWS Cloud using Infrastructure As Code methods such as Terraform and Ansible
- Proactively monitor and fix vulnerabilities while building a knowledge base
Job Description / Responsibilities:
- Candidates must be proficient in Azure, AWS, Docker, Kubernetes, Terraform, building and modifying CI/CD pipelines, implementing and configuring security tooling - e.g. Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST).
- 5+ years of related job experience (DevOps & Security)
- Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub).
- Familiarity with information security frameworks and standards.
- Knowledge of DevOps Automation (TerraFrom, GitHub, GitHub Actions).
- Knowledge of DevSecOps tooling in the following spaces: SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelines)
- Familiarity with API Security, Container Security, AWS Cloud Security.
- Familiarity with Amazon AWS policy, configuration, and security management tools.
- Experience with security automation.
- Excellent analytical and interpersonal skills.
- Ability to express technical information clearly at different organizational levels.
- Advantage if you have the relevant Cloud and/or Security Certifications, such as CISM, CISSP, DevSecOps Practitioner Certification, AWS Certified Security Speciality, AWS Certified Developer or similar.
- Years of Experience
- Industry Experience
Must-have Skills (Mandatory Skills)
- Include minimum years of experience required per skill
- 5+ years of related job experience (DevOps & Security)
- 5+ experience with Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub)
- Knowledge of DevSecOps tooling in the following spaces: SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelines)