نشان کن
کد آگهی: KP8292225256
استخدام DevSecOps Engineer
:fill(transparent):quality(100)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/1fc44e45-57e5-4760-87cd-ac622cc71d0e/main.png)
هف هشتاد | Hafhashtad
در تهران
اطلاعات شغل:
نوع همکاری: تماموقت
مدرک تحصیلی مورد نیاز: دیپلم
مهارتهای مورد نیاز:
DevSecOps
Pytorch
Golang
پرداختها: توافقی
متن کامل آگهی:
We are seeking a DevSecOps Engineer to integrate security best practices into CI/CD pipelines, cloud environments, and software development lifecycles. The ideal candidate will work closely with development, security, and operations teams to automate security processes, implement security controls, and ensure compliance with industry security standards.
This role is crucial in shifting security left, ensuring secure coding practices, vulnerability management, and continuous security monitoring in modern DevOps environments.
Responsibilities:
Security Automation & CI/CD Integration
- Design and implement security automation within CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Kubernetes DevOps, etc.).
- Integrate SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), and SCA (Software Composition Analysis) tools.
- Automate secrets detection, dependency scanning, and container security Terraform Sentinel checks.
- Ensure security compliance before deployment using policy-as-code and automated security gates.
Infrastructure Security
- Implement security controls in CIS Benchmark on Infrastructure environments.
- Enforce IAM (Identity & Access Management), least privilege access, and Zero Trust principles.
- Secure Kubernetes, Docker, and serverless deployments through network policies, RBAC, and runtime protection.
- Design and enforce secure infrastructure-as-code (IaC) policies (Terraform, Ansible).
Application & API Security
- Collaborate with developers to implement secure coding practices.
- Assess and improve API security (OAuth2, JWT, API gateways).
- Secure microservices architectures using service mesh (GRPC) and API security tools.
Vulnerability Management & Threat Detection
- Conduct continuous security assessments and penetration testing on applications and infrastructure.
- Automate vulnerability scanning and remediation workflows using SIEM, SOAR, and security analytics tools.
- Monitor cloud and container environments for threat detection and runtime security.
Security Compliance & Governance
- Ensure compliance with security standards (ISO 27001, NIST, PCI-DSS, OWASP, SOC 2).
- Automate security audits and generate compliance reports.
- Develop and maintain security policies, standards, and documentation.
- Security Awareness & Collaboration
- Train developers and DevOps teams on secure coding, cloud security, and DevSecOps practices.
- Conduct security awareness programs to embed security culture across teams.
- Research and implement emerging DevSecOps tools and best practices.
Required Skills & Qualifications:
✔ Hands-on experience with security tools:
- SAST/DAST/IAST (SonarQube, OWASP Nettacker, Burp Suite, ZAP)
- Container security (Trivy ,..)
- IaC security (Open Policy Agent, KICS)
- Secrets management (HashiCorp Vault)
- SIEM & threat detection (Splunk, ELK, Wazuh)
✔ Proficiency in scripting & automation (Python, Bash, PowerShell, Golang).
✔ Strong knowledge of DevOps tools (Docker, Kubernetes, Jenkins, GitHub Actions, Terraform).
✔ Understanding of secure coding and API security principles.
Soft Skills & Experience:
✔ +4 years of experience in DevSecOps, or Cybersecurity.
✔ Ability to work with cross-functional teams (DevOps, Security, IT, Compliance).
✔ Strong problem-solving skills for automating security workflows.
✔ Excellent communication and documentation skills.
این آگهی از وبسایت جابینجا پیدا شده، با زدن دکمهی تماس با کارفرما، به وبسایت جابینجا برین و از اونجا برای این شغل اقدام کنین.
هشدار
گزارش مشکل آگهی
تماس با کارفرما
این آگهی رو برای دیگران بفرست
نشان کن
گزارش مشکل آگهی
جستجوهای مرتبط
دوشنبه 20 اسفند 1403، ساعت 03:06