DevSecOps Lead

We are seeking a skilled and experienced DevSecOps Engineer to join a leading ASX listed bsiness on a 12 month rolling contract basis. As a DevSecOps Engineer, you will play a critical role in ensuring the security and stability of the software development and deployment processes. You must have hands-on experience with Azure and a proven track record of building CI/CD security pipelines from scratch.

Responsibilities:

• Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
• Design, implement, and maintain secure and scalable CI/CD pipelines for continuous integration, delivery, and deployment.
• Develop and automate security tests, vulnerability assessments, and code analysis tools to identify and mitigate potential risks in the development pipeline.
• Conduct security reviews and audits of infrastructure, applications, and code to identify vulnerabilities and recommend remediation strategies.
• Implement and manage security tools and technologies, such as static code analysis, penetration testing tools, vulnerability scanners, and security incident and event management systems.
• Stay up to date with the latest security threats, vulnerabilities, and industry best practices, and provide recommendations for improvements to the development and operations teams.
• Work closely with developers to provide guidance and assistance in writing secure code and implementing security controls.
• Collaborate with operations teams to ensure the secure configuration and management of cloud infrastructure and services, specifically in an Azure environment.
• Participate in incident response activities, investigating and resolving security incidents and breaches as required.
• Document and maintain security standards, procedures, and guidelines to ensure compliance with industry regulations and standards.

Requirements:

• Bachelor's degree in Computer Science, Engineering, or a related field (or equivalent work experience).
• Proven experience as a DevSecOps Engineer or similar role, preferably in a cloud-based environment.
• Strong experience with Microsoft Azure services, including Azure DevOps, Azure Security Center, Azure Key Vault, and Azure Active Directory.
• Demonstrated experience in designing and building CI/CD security pipelines from scratch, using tools such as Jenkins, GitLab CI/CD, Azure DevOps, or similar.
• Solid understanding of secure coding practices, vulnerability management, and threat modeling.
• Proficient in scripting and automation using languages such as Python, PowerShell, or Bash.
• Familiarity with security frameworks and standards, such as OWASP, NIST, ISO 27001, and CIS Benchmarks.
• Experience with containerization technologies (Docker, Kubernetes) and cloud-native security principles.
• Knowledge of network protocols, firewall configurations, and network security concepts.
• Strong problem-solving skills and the ability to work independently as well as part of a team.
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.