DevSec Ops Engineer

• Company Experis
• No. of Openings 10+
• Salary Not Disclosed
• Work Type on-site

Job Description :

We are looking for a DevSec Ops to take a leading role in design, development and implementation cybersecurity solution within the aviation sector. Further information below:

Responsibilities:
 

• Define overall security solution strategies based on customer requirements.
• Analyse applications to understand how they work, where they have weaknesses and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts.
• Ensure that security is introduced earlier into the software development life cycle (SDLC).
• Write comprehensive security assessment reports for developers and management.
• Collaborate with a team of security experts and work in a lab environment.
• Propose mitigations for the security vulnerabilities identified in Thales solutions.
• Perform security reviews of requirements, design specifications, and code.
• Analyse design constraints, analyse trade-offs and detailed system and security design, and consider life cycle support.
• Build, test, and modify product prototypes using working models or theoretical models.
• Design and develop cybersecurity or cybersecurity-enabled solutions.
• Design or integrate appropriate cybersecurity capabilities into overall system designs.
• Develop and execute system testing and validation procedures and documentation.
• Develop architectures or system components consistent with technical specifications.
• Identify and direct the remediation of technical problems encountered during testing and implementation of new systems.

Requirements:
 

• 8 years of proven relevant industry experience.
• Experienced in computer architecture, network, web technologies, Operating Systems or embedded systems.
• Understanding and experience on various cybersecurity technologies on Microservices and DevSecOps practices.
• Understanding and hands-on experience in API security, Supply Chain validation (SCA), SRE, Service mesh, CI-CD pipeline and various tools used.
• Familiarity with SSDLC (Secure Software Development Life Cycle) process, OOP (Object Oriented Programing), Microservices and Serverless Functions, Container orchestration systems (Docker, Kubernetes).
• Experience translating regulatory requirements into operational and technical control objectives.
• Knowledge and understanding in using security tools for investigation, testing and assessment is a plus.
• Experience with common RCA frameworks, as well as threat modelling frameworks such as VAST.
• Deep understanding of various software security vulnerabilities, threats and attack vectors on different environments, and reverse engineering.
• Experience with SAST, DAST, IAST, & RASP tools.
• Knowledge of common EA models such as TOGAF or E2A/Zachman. Similarly, familiarity with PM frameworks such as PMP or Prince2.
• Experience with modern development practices such as Source Code Management (SCM) and CI-CD tools like git (GitLab), Jenkins, Bamboo, or CircleCI; infrastructure and configuration deployment applications such as Ansible or Terraform; and architectures such as Red-Black/Green-Blue deployment environments.
• Experience working with Capability or Security Maturity Model frameworks, such as O-ISM3 and C2M2.
• Knowledge of software development and engineering models (e.g., Waterfall, Agile, Spiral, Lean IT).
• Familiarity with cloud technologies - Any of the 3 major cloud vendors & cloud-native apps is a nice to have.
• Development experience is a plus (scripting, application development, etc.).
• Passion for learning new technologies and a desire to tackle hard technical problems.