Overview:
We are looking for a highly skilled Security Lead who is passionate about security and proficient in DevSecOps principles. This critical role involves ensuring the end-to-end security of our mobile application platform and APIs. The ideal candidate will possess a strong understanding of security best practices, cloud environments, and modern development methodologies. As a leader, you will drive security initiatives, lead a team, and have a solid technical background in cloud security and DevOps practices. You will execute a security strategy aligned with SCBX group policies and regulatory requirements, providing tools, guidance, mentorship, and support to ensure security best practices are effectively implemented on the Point X platform.
Key Responsibilities:
- Security Strategy Development: Formulate and implement a robust security strategy that aligns with business goals, focusing on protecting the mobile application platform and APIs.
- Team Leadership: Lead and mentor a team of DevSecOps engineers, ensuring that security best practices are consistently applied throughout the organization.
- Comprehensive Security Oversight: Manage security measures across the software development lifecycle, from initial design through to deployment, to ensure continuous defense against evolving threats.
- Cloud Security Implementation: Design and enforce security controls within Azure and AWS cloud environments, ensuring adherence to industry standards and compliance requirements.
- Infrastructure as Code (IaC): Champion secure infrastructure provisioning using tools like Terraform, ensuring robust configuration management and deployment.
- Container Security: Establish and enforce security policies for Kubernetes clusters, securing containerized applications and microservices.
- Vulnerability Management: Develop and maintain processes for vulnerability scanning using tools such as Aqua Security and Black Duck, ensuring prompt remediation of identified risks.
- Code Quality Assurance: Implement and uphold code security and quality standards using tools like SonarQube.
- CI/CD Pipeline Security: Design, optimize, and secure CI/CD pipelines using Jenkins, Git, and related tools, integrating security checks and automation.
- Security Automation: Promote and drive the automation of security processes to enhance efficiency and reduce manual efforts, embedding security into automated workflows.
- Incident Response Management: Create and maintain incident response plans to effectively detect, respond to, and mitigate security incidents.
- Security Awareness and Training: Foster a culture of security within the organization by delivering training sessions, workshops, and creating documentation to promote best practices.
Qualifications:
- Educational Background: Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degrees or relevant certifications are highly desirable.
- Leadership Experience: Proven track record in leading security operations or DevSecOps teams, with a strong focus on mobile application security.
- Cloud Security Expertise: Extensive knowledge of cloud security principles, with hands-on experience in both Azure and AWS platforms.
- IaC Proficiency: Expertise in using Infrastructure as Code (IaC) tools such as Terraform, particularly in secure provisioning and configuration management.
- Containerization and Kubernetes Security: In-depth knowledge of containerization technologies, especially Kubernetes, with practical experience securing containerized environments.
- Vulnerability and Code Scanning: Proficient in using security scanning tools such as Aqua Security and Black Duck, as well as code analysis tools like SonarQube.
- Microservices Security: Strong understanding of microservices architecture and related security challenges.
- CI/CD Pipeline Expertise: Demonstrated experience in designing and securing CI/CD pipelines using tools like Jenkins and Git, with a focus on incorporating security practices.
- Leadership and Communication Skills: Strong leadership and communication abilities, with the capacity to collaborate effectively with cross-functional teams and stakeholders.
- Strategic Problem-Solving: Excellent problem-solving skills with the ability to think strategically about security challenges and solutions.
- Certifications: Relevant certifications such as Certified Kubernetes Administrator (CKA), Certified Information Systems Security Professional (CISSP), or AWS Certified Security – Specialty are highly desirable.