Security Engineer
Detail posisi
We're looking for a skilled and experienced DevSecOps Engineer to join our team and champion a culture of security excellence. You'll play a pivotal role in automating security testing, collaborating with developers to build secure code, and conducting penetration testing to identify and remediate vulnerabilities before they reach production.
Kewajiban
• Design, implement, and automate DevSecOps processes and tools within our CI/CD pipeline.
• Conduct penetration testing on applications, infrastructure, and APIs, identifying and documenting vulnerabilities.
• Collaborate with developers to understand their needs and integrate security best practices into the development process.
• Analyze security vulnerabilities, prioritize risks, and recommend mitigation strategies.
• Develop and maintain security documentation, including threat models and attack surface diagrams.
• Stay informed about the latest security trends and threats, keeping our team and organization proactive against evolving risks.
• Participate in security incident response and remediation efforts.
• Foster a culture of security awareness within the organization through education and training initiatives.
Kualifikasi
• Proven experience with penetration testing methodologies and tools (e.g., Metasploit, Burp Suite, Nmap, Zap, etc).
• 3+ years of experience as a DevSecOps Engineer or a related role.
• Strong understanding of DevSecOps principles and practices.
• Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI).
• Experience in Kubernetes (GKE, KUBECTL, HELM) and containers (Docker).
• Expertise in secure coding practices and application security frameworks.
• Good communication, collaboration, and problem-solving skills.
• Ability to work independently and as part of a cross-functional team.