DevSecOps

To be successful in this role, you should have a strong background in web development, cloud computing, and cybersecurity. You should also have experience with various DevSecOps tools and technologies, such as Jenkins, GitHub Actions, GitLab, Ansible, Docker, Kubernetes, AWS/OCI, Git, SonarQube, OWASP, etc. You should be able to work independently and as part of a team to solve security issues and improve performance and efficiency.

1. Develop and implement security policies, standards, and procedures for our web-based systems, following industry best practices and regulations.
2. Perform regular security assessments and audits of our web-based systems to identify and remediate vulnerabilities and risks.
3. Monitor and analyze security logs and alerts from various sources, such as servers, network devices, applications, and cloud services, to detect and respond to security incidents.
4. Implement and maintain security controls and solutions, such as firewalls, antivirus, encryption, VPN, SIEM, IDS/IPS, etc., to protect our data and systems from unauthorized access, modification, or destruction.
5. Develop and maintain CICD pipelines and scripts to automate and integrate the development, testing, and deployment processes, using tools such as Jenkins, GitHub Actions, GitLab, Ansible, Docker, Kubernetes, AWS/OCI, Git, etc.
6. Test, select, and implement technologies, tools, and methods to improve the performance, reliability, and scalability of our web-based systems.
7. Educate and train users and IT staff on security awareness and best practices.
8. Research and stay updated on the latest security trends, threats, and technologies.

1. Bachelor's degree in computer science, information security, or related field, or equivalent work experience.
2. 3+ years of experience in web development, cloud computing, and cybersecurity.
3. Knowledge and experience with DevSecOps tools and technologies, such as Jenkins, GitHub Actions, GitLab, Ansible, Docker, Kubernetes, AWS/Azure, Git, SonarQube, OWASP, etc.
4. Knowledge and experience with security frameworks and standards, such as NCA, NIST, ISO, PCI, HIPAA, etc.
5. Knowledge and experience with security testing and analysis tools, such as Nmap, Metasploit, Wireshark, Burp Suite, etc.
6. Knowledge and experience with scripting languages, such as Python, PowerShell, Bash, etc.
7. Excellent communication, problem-solving, and analytical skills.
8. Certification in security, such as CISSP, CEH, CISM, etc., is a plus.