DevSecOps Engineer

The DevSecOps Engineer will be responsible for implementing security controls within on-premise and cloud (AWS, Azure, and GCP) infrastructure environments and embedding security within the CI/CD pipeline. This role is based in Cape Town.

Responsibilities:

• Applying Security-as-Code principles across the board to improve the security of the product suite & provide training, mentoring, and best practices to the teams.
• Leading the development of an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions.
• Architecting and designing API Security, Container Security, AWS, Azure or GCP Cloud Security.
• Developing the automation of security and compliance capabilities in support of DevOps processes
• Implementing security features and monitoring tools, performing periodic security vulnerability assessments
• Responding swiftly to new and emerging security threats and vulnerabilities, investigating suspected attacks, and helping manage security incidents, including providing post-mortem analysis, identifying causes, developing solutions, and preventive measures.
• Managing the development, refresh, and implementation of security policies, standards, guidelines, and procedures
• Provide technical knowledge at all stages of the SDLC
• Provide continuous security-related support and guidance to the development squads
• Identify and address vulnerabilities/security non-compliance

Skills:

• · Must have experience integrating security requirements into the CI/CD pipeline
• · OWASP Knowledge
• · Able to demonstrate experience with AWS and AZURE infrastructure and the design patterns required to implement Well-Architected Framework principles
• · GCP infrastructure design best practices, including knowledge of networking and IAM
• · Able to demonstrate experience with Terraform/Terraform Cloud.
• · Familiarity with CASB technologies
• · Extensive experience with core Azure services, and cloud-native tools
• · Demonstrable experience automating security vulnerability tools such as Sonarcloud, Synk, Tenable IO, etc
• · Must be familiar with pipeline tooling including Terraform, Jenkins, Ansible, Jira, Docker, and Kubernetes
• · Experience with Windows and Linux operating systems and the principles of how to secure them in a Production environment

Salt is acting as an Employment Agency in relation to this vacancy.