We are seeking a skilled and experienced DevSecOps Engineer to join a leading ASX-listed business on a 12-month rolling contract basis. As a DevSecOps Engineer, you will play a critical role in ensuring the security and stability of the software development and deployment processes. You must have hands-on experience with Azure and a proven track record of building CI/CD security pipelines from scratch.
Responsibilities:
- Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
- Design, implement, and maintain secure and scalable CI/CD pipelines for continuous integration, delivery, and deployment.
- Develop and automate security tests, vulnerability assessments, and code analysis tools to identify and mitigate potential risks in the development pipeline.
- Conduct security reviews and audits of infrastructure, applications, and code to identify vulnerabilities and recommend remediation strategies.
- Implement and manage security tools and technologies, such as static code analysis, penetration testing tools, vulnerability scanners, and security incident and event management systems.
- Stay up to date with the latest security threats, vulnerabilities, and industry best practices, and provide recommendations for improvements to the development and operations teams.
- Work closely with developers to provide guidance and assistance in writing secure code and implementing security controls.
- Collaborate with operations teams to ensure the secure configuration and management of cloud infrastructure and services, specifically in an Azure environment.
- Participate in incident response activities, investigating and resolving security incidents and breaches as required.
- Document and maintain security standards, procedures, and guidelines to ensure compliance with industry regulations and standards.
Requirements:
- Bachelor's degree in Computer Science, Engineering, or a related field (or equivalent work experience).
- Proven experience as a DevSecOps Engineer or similar role, preferably in a cloud-based environment.
- Strong experience with Microsoft Azure services, including Azure DevOps, Azure Security Center, Azure Key Vault, and Azure Active Directory.
- Demonstrated experience in designing and building CI/CD security pipelines from scratch, using tools such as Jenkins, GitLab CI/CD, Azure DevOps, or similar.
- Solid understanding of secure coding practices, vulnerability management, and threat modeling.
- Proficient in scripting and automation using languages such as Python, PowerShell, or Bash.
- Familiarity with security frameworks and standards, such as OWASP, NIST, ISO 27001, and CIS Benchmarks.
- Experience with containerization technologies (Docker, Kubernetes) and cloud-native security principles.
- Knowledge of network protocols, firewall configurations, and network security concepts.
- Strong problem-solving skills and the ability to work independently as well as part of a team.
- Excellent communication and interpersonal skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.